以作者查詢圖書館館藏 、以作者查詢臺灣博碩士 、以作者查詢全國書目 、勘誤回報 、線上人數:24 、訪客IP:3.146.176.214
姓名 阿伊夫(Afif Izzul Falakh) 查詢紙本館藏 畢業系所 資訊工程學系 論文名稱 透過特徵排名剔除弱特徵以防止智慧型手機的行為生物身分認證 系統受到模擬攻擊
(Weak Features Removal Via Feature Ranking to Prevent Impersonation Attack on Smartphone Behavior Biometric System)檔案 [Endnote RIS 格式] [Bibtex 格式] [相關文章] [文章引用] [完整記錄] [館藏目錄] 至系統瀏覽論文 (2025-7-29以後開放) 摘要(中) 人們對智慧型手機和網路的依賴為許多線上服務的帶來了許多成長的機會,而在
這些線上服務中,某些服務甚至需要處理個人的私密以及敏感訊息,如網路銀行、電
子錢包等。因此,採用多重的安全措施可以使系統的安全性更佳的完善。而近期越來
越受到研究人員關注的一種安全措施是基於生物行為特徵的身分認證系統
(Behavioral Biometrics System,BBS),特別是採用操作智慧型手機的行為作為特
徵。然而,一些研究指出存在冒充使用者行為的攻擊方式,這類的攻擊會為了騙過身
分認證系統而試圖去模仿使用者的行為。
因此,本研究提出了在三種情境下是否存在使用者弱特徵的判別方法:個體弱特
徵(Individual Weak Features,IWF)、共同弱特徵(Common Weak Features,CWF)
和總體弱特徵(General Weak Features,GWF)。首先,我們會進行假冒攻擊,也就是
模仿使用者操作手機的行為,接者將這些攻擊者資料輸入進SVM 模型中,並與未受到
攻擊的基本SVM 模型進行比較,以辨認出弱特徵。 本研究實驗了四種演算法來識別弱
特徵,分別為基本特徵排名法(Baseline Feature Rank,BFR)、反向特徵消去法(
Backward Feature Elimination,BFE)、增強特徵排名法(Enhanced Feature Rank,
EFR)和多模型遞迴特徵消去法(Multi Model Recursive Feature Elimination,
MMRFE)。透過假設測試出的結果,可以證明IWF、CWF 和 GWF 皆可使模型可靠度維持
在一定的程度;而相對於 MMRFE、BFR 和 EFR,使用 BFE 可以得到最好的結果。摘要(英) Our dependence of smartphone and internet has brought many opportunities for the
growth of smartphone based online services. Some of these services are even deal with
private and sensitive information such as mobile banking, electronic wallet, and the likes.
Since that, multiple security measures are implemented to have the system as secure as
possible. One of the security method which is getting more attention from researcher is
behavioral biometrics system (BBS), especially the one based on smartphone swipe and
handling behavior. This type of security system provide non-intrusive continuous
authentication of the user which can protect the user in-between primary authentication
system. However, some research shows the existence of impersonation attack, where an
attacker is trying to mimic the user behavior to fool the system.
Thus, this research proposed a method to identify the existence of weak features in
several scopes: Individual Weak Features (IWF), Common Weak Features (CWF), and General
Weak Features (GWF). First, a simulated attack is carried out. Then, the effect on these attack
to the augmented Support Vector Machine (SVM) model is compared with the base SVM
model is analysed to identify the weak features. Several algorithms are implemented to
identify the weak features, namely Baseline Feature Rank (BFR), Backward Feature Elimination
(BFE), Enhanced Feature Rank (EFR), and Multi Model Recursive Feature Elimination (MMRFE).
By hypothesis testing the IWF, CWF, and GWF is proven to maintain reliability of the model to
certain level. With the best one using BFE followed by MMRFE, BFR, and EFR.關鍵字(中) ★ 生物行為特徵
★ 身份認證
★ SVM
★ 假冒攻擊
★ 弱特徵關鍵字(英) ★ behavioral biometrics
★ authentication
★ SVM
★ impersonation
★ weak features論文目次 中文摘要 ................................................................................................................................ i
Abstract ............................................................................................................................... ii
Acknowledgment ....................................................................................................................... iii
Table Of Contents ...................................................................................................................... iv
List Of Figures ............................................................................................................................ vi
List Of Tables............................................................................................................................ viii
Explanation Of Symbols .............................................................................................................. x
Chapter I Introduction ........................................................................................................... 1
1.1. Background ............................................................................................................ 1
1.2. Motivation ............................................................................................................. 3
1.3. Baseline Research Hypothesis ............................................................................... 5
1.4. Research Objective ................................................................................................ 8
1.5. Problem Statements .............................................................................................. 8
1.6. Contribution .......................................................................................................... 8
1.7. Limitation of Study ................................................................................................ 8
1.8. Thesis Structure ..................................................................................................... 9
Chapter II Literature Review ................................................................................................ 10
2.1. Behavioral Biometric System .............................................................................. 10
2.2. Histogram Feature Representation for Behavior ................................................ 11
2.3. Feature Selection and Number of Samples Importance ..................................... 12
2.4. Multi Sensor Behavior System ............................................................................ 13
2.5. Server-side Processing ........................................................................................ 14
2.6. Impersonation Attack .......................................................................................... 15
2.7. Support Vector Machine (SVM) .......................................................................... 15
2.7.1. Training SVM Hyperparameter C ........................................................................ 18
2.7.2. Linear SVM Weak Features ................................................................................. 21
2.8. BBS Evaluation Metrics ....................................................................................... 22
2.9. Sample Bootstrapping ......................................................................................... 23
Chapter III Proposed Method ............................................................................................... 25
3.1. Data Preprocessing .............................................................................................. 26
3.2. Baseline Model Building ...................................................................................... 32
v
3.3. Feature Ranking and Removal Algorithms .......................................................... 34
3.4. Enhanced Model Building ................................................................................... 38
3.4.1. IWF Scope ............................................................................................................ 38
3.4.2. CWF Scope ........................................................................................................... 39
3.4.3. GWF Scope .......................................................................................................... 40
Chapter IV Experiments And Result Analysis ........................................................................ 41
4.1. Experiments ......................................................................................................... 41
4.1.1. Design .................................................................................................................. 41
4.1.2. Tools Preparation ................................................................................................ 47
4.1.3. Data Collection .................................................................................................... 50
4.1.4. Evaluation ............................................................................................................ 60
4.2. Results & Analysis ................................................................................................ 61
4.2.1. Baseline Model .................................................................................................... 61
4.2.2. Enhanced Model in IWF Scope ............................................................................ 64
4.2.3. Enhanced Model in CWF Scope .......................................................................... 69
4.2.4. Enhanced Model in GWF Scope .......................................................................... 74
Chapter V Conclusion ........................................................................................................... 78
5.1. Conclusion ........................................................................................................... 78
5.2. Future Works ....................................................................................................... 79
Bibliography ............................................................................................................................. 80參考文獻 [1] Y. Yang, B. Guo, Z. Wang, M. Li, Z. Yu, and X. Zhou, “BehaveSense: Continuous
authentication for security-sensitive mobile apps using behavioral biometrics,” Ad Hoc
Networks, vol. 84, pp. 9–18, Mar. 2019, doi: 10.1016/j.adhoc.2018.09.015.
[2] N.-F. Li, P. Tian, and J. Wang, “An authentication method based on user specific
behavior,” in 2016 5th International Conference on Computer Science and Network
Technology (ICCSNT), Dec. 2016, pp. 132–135. doi: 10.1109/ICCSNT.2016.8070134.
[3] A. Suharsono and D. Liang, “Hand Stability Based Features for Touch Behavior
Smartphone Authentication,” in 2020 3rd IEEE International Conference on Knowledge
Innovation and Invention (ICKII), Aug. 2020, pp. 167–170. doi:
10.1109/ICKII50300.2020.9318982.
[4] S. Shah and S. Kanhere, “Recent Trends in User Authentication - A Survey,” IEEE Access,
vol. PP, pp. 1–1, Aug. 2019, doi: 10.1109/ACCESS.2019.2932400.
[5] I. Stylios, S. Kokolakis, O. Thanou, and S. Chatzis, “Behavioral biometrics & continuous
user authentication on mobile devices: A survey,” Information Fusion, vol. 66, pp. 76–99,
Feb. 2021, doi: 10.1016/j.inffus.2020.08.021.
[6] C. Adams, “Impersonation Attack,” in Encyclopedia of Cryptography and Security, H. C. A.
van Tilborg, Ed. Boston, MA: Springer US, 2005, pp. 286–286. doi: 10.1007/0-387-23483-
7_196.
[7] S. Poudel, A. Serwadda, and V. V. Phoha, “On humanoid robots imitating human touch
gestures on the smart phone,” in 2015 IEEE 7th International Conference on Biometrics
Theory, Applications and Systems (BTAS), Sep. 2015, pp. 1–7. doi:
10.1109/BTAS.2015.7358781.
[8] L.-X. Lin, “Impersonation Attack on Touch-Based Behavioral Smartphone
Authentication,” Thesis, CSIE, NCU, Taoyaun, 2021. Accessed: Jun. 15, 2022. [Online].
Available: https://etd.lib.nctu.edu.tw/cgibin/
gs32/ncugsweb.cgi/ccd=yezwX1/record?r1=1&h1=0#XXXX
[9] A. Mahfouz, T. M. Mahmoud, and A. S. Eldin, “A survey on behavioral biometric
authentication on smartphones,” Journal of Information Security and Applications, vol.
37, pp. 28–37, Dec. 2017, doi: 10.1016/j.jisa.2017.10.002.
[10] Y. Yang, J. Sun, and L. Guo, “PersonaIA: A Lightweight Implicit Authentication System
Based on Customized User Behavior Selection,” IEEE Transactions on Dependable and
Secure Computing, vol. 16, no. 1, pp. 113–126, Jan. 2019, doi:
10.1109/TDSC.2016.2645208.
[11] M. Rees, “Behavioral Biometrics: A Complete Guide,” Expert Insights, Dec. 13, 2021.
https://expertinsights.com/insights/a-guide-to-behavioral-biometrics/ (accessed Jun.
16, 2022).
81
[12] R. Das, The Science of Biometrics: Security Technology for Identity Verification. Routledge,
2018.
[13] R. Yampolskiy and V. Govindaraju, “Behavioural biometrics: A survey and classification,”
International Journal of Biometrics, vol. 1, Jan. 2008, doi: 10.1504/IJBM.2008.018665.
[14] C.-C. Lin, C.-C. Chang, and D. Liang, “An Approach for Authenticating Smartphone Users
Based on Histogram Features,” in 2015 IEEE International Conference on Software
Quality, Reliability and Security, Aug. 2015, pp. 125–130. doi: 10.1109/QRS.2015.27.
[15] A. A. Alariki, A. Bt Abdul Manaf, and S. Khan, “A study of touching behavior for
authentication in touch screen smart devices,” in 2016 International Conference on
Intelligent Systems Engineering (ICISE), Jan. 2016, pp. 216–221. doi:
10.1109/IN℡SE.2016.7475123.
[16] M. W. Abo El-Soud, T. Gaber, F. AlFayez, and M. M. Eltoukhy, “Implicit authentication
method for smartphone users based on rank aggregation and random forest,” Alexandria
Engineering Journal, vol. 60, no. 1, pp. 273–283, Feb. 2021, doi:
10.1016/j.aej.2020.08.006.
[17] W. Meng, Y. Wang, D. S. Wong, S. Wen, and Y. Xiang, “TouchWB: Touch behavioral user
authentication based on web browsing on smartphones,” Journal of Network and
Computer Applications, vol. 117, pp. 1–9, Sep. 2018, doi: 10.1016/j.jnca.2018.05.010.
[18] B. Zou and Y. Li, “Touch-based Smartphone Authentication Using Import Vector Domain
Description,” in 2018 IEEE 29th International Conference on Application-specific Systems,
Architectures and Processors (ASAP), Jul. 2018, pp. 1–4. doi:
10.1109/ASAP.2018.8445125.
[19] C. Shen, Y. Li, Y. Chen, X. Guan, and R. A. Maxion, “Performance Analysis of Multi-Motion
Sensor Behavior for Active Smartphone Authentication,” IEEE Transactions on
Information Forensics and Security, vol. 13, no. 1, pp. 48–62, Jan. 2018, doi:
10.1109/TIFS.2017.2737969.
[20] S. Ray, “SVM | Support Vector Machine Algorithm in Machine Learning,” Analytics
Vidhya, Sep. 12, 2017. https://www.analyticsvidhya.com/blog/2017/09/understaingsupport-
vector-machine-example-code/ (accessed Jun. 16, 2022).
[21] S. Fan, “Understanding the mathematics behind Support Vector Machines,” Shuzhan
Fan, May 07, 2018. https://shuzhanfan.github.io/ (accessed Jun. 16, 2022).
[22] C.-W. Hsu, C.-C. Chang, and C.-J. Lin, “A Practical Guide to Support Vector Classification,”
p. 16, May 2016.
[23] I. Syarif, A. Prugel-Bennett, and G. Wills, “SVM Parameter Optimization using Grid Search
and Genetic Algorithm to Improve Classification Performance,” TELKOMNIKA
(Telecommunication Computing Electronics and Control), vol. 14, p. 1502, Dec. 2016, doi:
10.12928/telkomnika.v14i4.3956.
82
[24] J. Brownlee, “How to Model Human Activity From Smartphone Data,” Machine Learning
Mastery, Sep. 16, 2018. https://machinelearningmastery.com/how-to-model-humanactivity-
from-smartphone-data/ (accessed Jun. 19, 2021).
[25] M. Fedotenkova, “Extraction of multivariate components in brain signals obtained during
general anesthesia,” 2016.
[26] F. Rothlauf et al., Applications of Evolutionary Computing: EvoWorkshops 2006: EvoBIO,
EvoCOMNET, EvoHOT, EvoIASP, EvoINTERACTION, EvoMUSART, and EvoSTOC, Budapest,
Hungary, April 10-12, 2006, Proceedings. Springer, 2006.
[27] I. Guyon, J. Weston, S. Barnhill, and V. Vapnik, “Gene Selection for Cancer Classification
using Support Vector Machines,” Machine Learning, vol. 46, no. 1, pp. 389–422, Jan.
2002, doi: 10.1023/A:1012487302797.
[28] U. Gawande and Y. Golhar, “Biometric security system: A rigorous review of unimodal
and multimodal biometrics techniques,” International Journal of Biometrics, vol. 10, p.
142, Jan. 2018, doi: 10.1504/IJBM.2018.091629.
[29] M. Elhoseny, A. Elkhateeb, A. Talaat, and A. E. Hassanien, “Multimodal Biometric
Personal Identification and Verification,” in Studies in Computational Intelligence, 2018,
pp. 249–276. doi: 10.1007/978-3-319-63754-9_12.
[30] P. R. Hinton, Statistics Explained, 3rd ed. New York, NY, USA: Routledge, 2014.
[31] J. Frost, “Introduction to Bootstrapping in Statistics with an Example,” Statistics By Jim,
Oct. 08, 2018. http://statisticsbyjim.com/hypothesis-testing/bootstrapping/ (accessed
Jun. 19, 2022).指導教授 梁德容 博士 張欽圳 博士 Dr. Mardhani Riasetiawan(De-Ron Liang, Ph.D. Chin-Chun Chang, Ph.D. Dr. Mardhani Riasetiawan) 審核日期 2022-8-20 推文 facebook plurk twitter funp google live udn HD myshare reddit netvibes friend youpush delicious baidu 網路書籤 Google bookmarks del.icio.us hemidemi myshare