簡易檢索 / 詳目顯示
| 研究生: |
阿伊夫 Afif Izzul Falakh |
|---|---|
| 論文名稱: |
透過特徵排名剔除弱特徵以防止智慧型手機的行為生物身分認證 系統受到模擬攻擊 Weak Features Removal Via Feature Ranking to Prevent Impersonation Attack on Smartphone Behavior Biometric System |
| 指導教授: |
梁德容 博士
De-Ron Liang, Ph.D. 張欽圳 博士 Chin-Chun Chang, Ph.D. Dr. Mardhani Riasetiawan Dr. Mardhani Riasetiawan |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
資訊電機學院 - 資訊工程學系 Department of Computer Science & Information Engineering |
| 論文出版年: | 2022 |
| 畢業學年度: | 110 |
| 語文別: | 英文 |
| 論文頁數: | 98 |
| 中文關鍵詞: | 生物行為特徵 、身份認證 、SVM 、假冒攻擊 、弱特徵 |
| 外文關鍵詞: | behavioral biometrics, authentication, SVM, impersonation, weak features |
| 相關次數: | 點閱:14 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
人們對智慧型手機和網路的依賴為許多線上服務的帶來了許多成長的機會,而在
這些線上服務中,某些服務甚至需要處理個人的私密以及敏感訊息,如網路銀行、電
子錢包等。因此,採用多重的安全措施可以使系統的安全性更佳的完善。而近期越來
越受到研究人員關注的一種安全措施是基於生物行為特徵的身分認證系統
(Behavioral Biometrics System,BBS),特別是採用操作智慧型手機的行為作為特
徵。然而,一些研究指出存在冒充使用者行為的攻擊方式,這類的攻擊會為了騙過身
分認證系統而試圖去模仿使用者的行為。
因此,本研究提出了在三種情境下是否存在使用者弱特徵的判別方法:個體弱特
徵(Individual Weak Features,IWF)、共同弱特徵(Common Weak Features,CWF)
和總體弱特徵(General Weak Features,GWF)。首先,我們會進行假冒攻擊,也就是
模仿使用者操作手機的行為,接者將這些攻擊者資料輸入進SVM 模型中,並與未受到
攻擊的基本SVM 模型進行比較,以辨認出弱特徵。 本研究實驗了四種演算法來識別弱
特徵,分別為基本特徵排名法(Baseline Feature Rank,BFR)、反向特徵消去法(
Backward Feature Elimination,BFE)、增強特徵排名法(Enhanced Feature Rank,
EFR)和多模型遞迴特徵消去法(Multi Model Recursive Feature Elimination,
MMRFE)。透過假設測試出的結果,可以證明IWF、CWF 和 GWF 皆可使模型可靠度維持
在一定的程度;而相對於 MMRFE、BFR 和 EFR,使用 BFE 可以得到最好的結果。
Our dependence of smartphone and internet has brought many opportunities for the
growth of smartphone based online services. Some of these services are even deal with
private and sensitive information such as mobile banking, electronic wallet, and the likes.
Since that, multiple security measures are implemented to have the system as secure as
possible. One of the security method which is getting more attention from researcher is
behavioral biometrics system (BBS), especially the one based on smartphone swipe and
handling behavior. This type of security system provide non-intrusive continuous
authentication of the user which can protect the user in-between primary authentication
system. However, some research shows the existence of impersonation attack, where an
attacker is trying to mimic the user behavior to fool the system.
Thus, this research proposed a method to identify the existence of weak features in
several scopes: Individual Weak Features (IWF), Common Weak Features (CWF), and General
Weak Features (GWF). First, a simulated attack is carried out. Then, the effect on these attack
to the augmented Support Vector Machine (SVM) model is compared with the base SVM
model is analysed to identify the weak features. Several algorithms are implemented to
identify the weak features, namely Baseline Feature Rank (BFR), Backward Feature Elimination
(BFE), Enhanced Feature Rank (EFR), and Multi Model Recursive Feature Elimination (MMRFE).
By hypothesis testing the IWF, CWF, and GWF is proven to maintain reliability of the model to
certain level. With the best one using BFE followed by MMRFE, BFR, and EFR.
[1] Y. Yang, B. Guo, Z. Wang, M. Li, Z. Yu, and X. Zhou, “BehaveSense: Continuous
authentication for security-sensitive mobile apps using behavioral biometrics,” Ad Hoc
Networks, vol. 84, pp. 9–18, Mar. 2019, doi: 10.1016/j.adhoc.2018.09.015.
[2] N.-F. Li, P. Tian, and J. Wang, “An authentication method based on user specific
behavior,” in 2016 5th International Conference on Computer Science and Network
Technology (ICCSNT), Dec. 2016, pp. 132–135. doi: 10.1109/ICCSNT.2016.8070134.
[3] A. Suharsono and D. Liang, “Hand Stability Based Features for Touch Behavior
Smartphone Authentication,” in 2020 3rd IEEE International Conference on Knowledge
Innovation and Invention (ICKII), Aug. 2020, pp. 167–170. doi:
10.1109/ICKII50300.2020.9318982.
[4] S. Shah and S. Kanhere, “Recent Trends in User Authentication - A Survey,” IEEE Access,
vol. PP, pp. 1–1, Aug. 2019, doi: 10.1109/ACCESS.2019.2932400.
[5] I. Stylios, S. Kokolakis, O. Thanou, and S. Chatzis, “Behavioral biometrics & continuous
user authentication on mobile devices: A survey,” Information Fusion, vol. 66, pp. 76–99,
Feb. 2021, doi: 10.1016/j.inffus.2020.08.021.
[6] C. Adams, “Impersonation Attack,” in Encyclopedia of Cryptography and Security, H. C. A.
van Tilborg, Ed. Boston, MA: Springer US, 2005, pp. 286–286. doi: 10.1007/0-387-23483-
7_196.
[7] S. Poudel, A. Serwadda, and V. V. Phoha, “On humanoid robots imitating human touch
gestures on the smart phone,” in 2015 IEEE 7th International Conference on Biometrics
Theory, Applications and Systems (BTAS), Sep. 2015, pp. 1–7. doi:
10.1109/BTAS.2015.7358781.
[8] L.-X. Lin, “Impersonation Attack on Touch-Based Behavioral Smartphone
Authentication,” Thesis, CSIE, NCU, Taoyaun, 2021. Accessed: Jun. 15, 2022. [Online].
Available: https://etd.lib.nctu.edu.tw/cgibin/
gs32/ncugsweb.cgi/ccd=yezwX1/record?r1=1&h1=0#XXXX
[9] A. Mahfouz, T. M. Mahmoud, and A. S. Eldin, “A survey on behavioral biometric
authentication on smartphones,” Journal of Information Security and Applications, vol.
37, pp. 28–37, Dec. 2017, doi: 10.1016/j.jisa.2017.10.002.
[10] Y. Yang, J. Sun, and L. Guo, “PersonaIA: A Lightweight Implicit Authentication System
Based on Customized User Behavior Selection,” IEEE Transactions on Dependable and
Secure Computing, vol. 16, no. 1, pp. 113–126, Jan. 2019, doi:
10.1109/TDSC.2016.2645208.
[11] M. Rees, “Behavioral Biometrics: A Complete Guide,” Expert Insights, Dec. 13, 2021.
https://expertinsights.com/insights/a-guide-to-behavioral-biometrics/ (accessed Jun.
16, 2022).
81
[12] R. Das, The Science of Biometrics: Security Technology for Identity Verification. Routledge,
2018.
[13] R. Yampolskiy and V. Govindaraju, “Behavioural biometrics: A survey and classification,”
International Journal of Biometrics, vol. 1, Jan. 2008, doi: 10.1504/IJBM.2008.018665.
[14] C.-C. Lin, C.-C. Chang, and D. Liang, “An Approach for Authenticating Smartphone Users
Based on Histogram Features,” in 2015 IEEE International Conference on Software
Quality, Reliability and Security, Aug. 2015, pp. 125–130. doi: 10.1109/QRS.2015.27.
[15] A. A. Alariki, A. Bt Abdul Manaf, and S. Khan, “A study of touching behavior for
authentication in touch screen smart devices,” in 2016 International Conference on
Intelligent Systems Engineering (ICISE), Jan. 2016, pp. 216–221. doi:
10.1109/IN℡SE.2016.7475123.
[16] M. W. Abo El-Soud, T. Gaber, F. AlFayez, and M. M. Eltoukhy, “Implicit authentication
method for smartphone users based on rank aggregation and random forest,” Alexandria
Engineering Journal, vol. 60, no. 1, pp. 273–283, Feb. 2021, doi:
10.1016/j.aej.2020.08.006.
[17] W. Meng, Y. Wang, D. S. Wong, S. Wen, and Y. Xiang, “TouchWB: Touch behavioral user
authentication based on web browsing on smartphones,” Journal of Network and
Computer Applications, vol. 117, pp. 1–9, Sep. 2018, doi: 10.1016/j.jnca.2018.05.010.
[18] B. Zou and Y. Li, “Touch-based Smartphone Authentication Using Import Vector Domain
Description,” in 2018 IEEE 29th International Conference on Application-specific Systems,
Architectures and Processors (ASAP), Jul. 2018, pp. 1–4. doi:
10.1109/ASAP.2018.8445125.
[19] C. Shen, Y. Li, Y. Chen, X. Guan, and R. A. Maxion, “Performance Analysis of Multi-Motion
Sensor Behavior for Active Smartphone Authentication,” IEEE Transactions on
Information Forensics and Security, vol. 13, no. 1, pp. 48–62, Jan. 2018, doi:
10.1109/TIFS.2017.2737969.
[20] S. Ray, “SVM | Support Vector Machine Algorithm in Machine Learning,” Analytics
Vidhya, Sep. 12, 2017. https://www.analyticsvidhya.com/blog/2017/09/understaingsupport-
vector-machine-example-code/ (accessed Jun. 16, 2022).
[21] S. Fan, “Understanding the mathematics behind Support Vector Machines,” Shuzhan
Fan, May 07, 2018. https://shuzhanfan.github.io/ (accessed Jun. 16, 2022).
[22] C.-W. Hsu, C.-C. Chang, and C.-J. Lin, “A Practical Guide to Support Vector Classification,”
p. 16, May 2016.
[23] I. Syarif, A. Prugel-Bennett, and G. Wills, “SVM Parameter Optimization using Grid Search
and Genetic Algorithm to Improve Classification Performance,” TELKOMNIKA
(Telecommunication Computing Electronics and Control), vol. 14, p. 1502, Dec. 2016, doi:
10.12928/telkomnika.v14i4.3956.
82
[24] J. Brownlee, “How to Model Human Activity From Smartphone Data,” Machine Learning
Mastery, Sep. 16, 2018. https://machinelearningmastery.com/how-to-model-humanactivity-
from-smartphone-data/ (accessed Jun. 19, 2021).
[25] M. Fedotenkova, “Extraction of multivariate components in brain signals obtained during
general anesthesia,” 2016.
[26] F. Rothlauf et al., Applications of Evolutionary Computing: EvoWorkshops 2006: EvoBIO,
EvoCOMNET, EvoHOT, EvoIASP, EvoINTERACTION, EvoMUSART, and EvoSTOC, Budapest,
Hungary, April 10-12, 2006, Proceedings. Springer, 2006.
[27] I. Guyon, J. Weston, S. Barnhill, and V. Vapnik, “Gene Selection for Cancer Classification
using Support Vector Machines,” Machine Learning, vol. 46, no. 1, pp. 389–422, Jan.
2002, doi: 10.1023/A:1012487302797.
[28] U. Gawande and Y. Golhar, “Biometric security system: A rigorous review of unimodal
and multimodal biometrics techniques,” International Journal of Biometrics, vol. 10, p.
142, Jan. 2018, doi: 10.1504/IJBM.2018.091629.
[29] M. Elhoseny, A. Elkhateeb, A. Talaat, and A. E. Hassanien, “Multimodal Biometric
Personal Identification and Verification,” in Studies in Computational Intelligence, 2018,
pp. 249–276. doi: 10.1007/978-3-319-63754-9_12.
[30] P. R. Hinton, Statistics Explained, 3rd ed. New York, NY, USA: Routledge, 2014.
[31] J. Frost, “Introduction to Bootstrapping in Statistics with an Example,” Statistics By Jim,
Oct. 08, 2018. http://statisticsbyjim.com/hypothesis-testing/bootstrapping/ (accessed
Jun. 19, 2022).
