近年來,智慧型手機成為人們生活中的必需品,其中內含大量的個人資訊常常成 為惡意人士竊取的目標之一。既有在智慧型手機上的驗證系統,多半屬於一次性的入 口驗證,這相當於惡意人士只要成功破解一次該機制,就能存取儲存在該手機的所有 資料。而連續式身分驗證系統會持續收集用戶的行為資料,這類資料稱為基於行為的 生物辨識 (Behavioral Biometrics)。這項技術的目的是在不干擾用戶正常使用的情況下, 定期驗證用戶身分,確保裝置由合法使用者操作。然而,這類以行為為基礎的驗證 系統容易受到對抗性攻擊 (Adversarial Attacks) 的威脅,尤其是假冒攻擊 (Impersonation Attacks),進而降低系統的穩健性,導致錯誤的身分判斷。本文提出一種方法,利用用 戶所收集的動態特徵資料並以時間序列 (Time Series) 的形式作為輸入,並採用長短期 記憶 (Long Short Term Memory, LSTM) 為主的神經網路架構進行模型訓練以抵禦假冒攻 擊。該方法無需為新用戶額外收集攻擊者模仿資料,而是使用現有合法用戶及一般使 用者作為負資料進行模型訓練。實驗結果顯示,與基準模型相比,所提出的方法在平 均每位受害者的等錯誤率 (Equal Error Rate, EER) 上獲得改善,並且在統計上具有顯著 差異。;In recent years, smartphones have become an essential part of daily life, containing a vast amount of personal information that often becomes a target for malicious actors. Most existing authentication systems on smartphones rely on one-time entry verification, meaning that once an attacker bypasses the initial authentication, they gain access to all the data on the device. In contrast, continuous authentication systems regularly collect behavioral data, known as behav- ioral biometrics, to verify the user’s identity without interrupting normal usage. However, such behavior-based systems are vulnerable to adversarial attacks, particularly impersonation attacks, which can undermine system robustness and lead to incorrect identity verification. This paper proposes a method that leverages dynamic behavioral data collected from users in the form of time series, using a neural network architecture based on Long Short-Term Memory (LSTM) to defend against impersonation attacks. The proposed approach does not require additional attackers data collection for new users. Instead, it uses data from legitimate users and general users as negative samples for training the model. Experimental results show that the proposed method achieves a lower average Equal Error Rate (EER) across all victims compared to the baseline model and demonstrates statistically significant differences.
