臺灣博碩士論文加值系統

資訊與科技的新紀元到來後，全世界許多人們的生活重心已和科技密不可分。隨著人們對資訊科技的依賴越重，數位設備與電子資訊已經成為人們不可取代的重大資產。近年來電子商務交易與網路遊戲之蓬勃發展，使用者帳號密碼遺失或被盜用之狀況頻繁，憑藉著密碼驗證機制已經無法滿足使用者需求。在這種情形之下，生物辨識技術亦會越來越受重視。
生物辨識技術區分為生理學與行為特徵來驗證與識別合法的使用者。生理學特徵指紋已經廣泛的運用在電腦登入驗證上；相對於生理學特徵，行為特徵憑藉使用者操作電腦行為來驗證與識別使用者。在行為特徵中，滑鼠行為（Mouse Dynamics）主要是以被動方式監控使用者操作滑鼠的行為，並記錄軌跡的移動速度、加速度等特徵來驗證或識別使用者。然而至今滑鼠行為研究只收集特定應用程式之操作行為，不同的應用程式下其特徵之顯著性都不盡相同。
本論文主要是評估現有的滑鼠行為特徵中，哪些特徵之顯著性不隨著應用程式的不同而改變，藉此來建立使用者的資訊檔（Profile），以達到連續即時的重新驗證（Re-Authentication）目的。

Password is lost or theft frequency as a result of e-busniness and online trading grow up in recent years. Authentication by password is not enough in the feature. Accordingly biometrics is more important in the situation.
Biometrics, the application of statistical analysis identifies individuals through their biological and physiological characteristics. Mouse dynamics is behavioral biometric technology, which allows user recognition based on the actions received from the mouse input device of computer while interacting with a graphical user interface. But current researches of mouse dynamics are force on specific applications (eg. browsers) or fixed action (eg. signature). The important features in different applications are different so that it is difficult to apply to re-authentication mechanism.
Therefore, the main purpose of this thesis is to find the ordered list of important features (global features) that are stable in different application in mouse dynamics, and demonstrate the correct rates of difference between authentication model created by global features and local features are less than three percent.

摘要 I
Abstract II
誌謝 III
目錄 IV
圖目錄 VI
表目錄 VIII
第一章 導論 1
第一節 研究動機 1
第一項 帳號密碼驗證無法滿足需求 1
第二項 生物識別技術 1
第三項 滑鼠軌跡行為無法滿足重新驗證機制 2
第二節 研究目的 2
第三節 論文架構 2
第二章 研究背景 3
第一節 電腦犯罪逐年提升 3
第二節 帳號密碼驗證不足 4
第三節 生物辨識技術 5
第四節 重新驗證機制 7
第五節 滑鼠軌跡行為 8
第一項 影響滑鼠軌跡之因素 9
第三章 文獻探討 12
第一節 滑鼠行為特徵研究 12
第二節 滑鼠軌跡特徵量 17
第一項 軌跡點與操作軌跡 17
第二項 軌跡特徵量 19
第四章 實驗設計 22
第一節 實驗一（尋找全域性特徵量） 22
第一項 收集資料階段 22
第二項 前置處理階段 24
第三項 分析階段 26
第二節 實驗二（比較驗證模型準確率差異） 31
第五章 實驗結果與評估 33
第一節 實驗樣本 33
第二節 全域性特徵量 34
第三節 驗證模型準確率差異 38
第六章 研究結論與未來工作發展 40
第一節 研究貢獻 40
第二節 結論 40
第三節 未來研究方向及展望 40
參考文獻 42

[1] Microsoft and U. S. S. Service, "2007 E?Crime Watch Survey," in CSO magazine, 2007.
[2] P. Maja and E. B. Carla, "User re-authentication via mouse movements," in Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security Washington DC, USA: ACM, 2004.
[3] V. Woods, S. Hastings, P. Buckle, and R. Haslam, "Ergonomics of using a mouse or other non-keyboard input device," in Health and Safety Executive, 2002.
[4] C. Eoghan, Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet with Cdrom: Academic Press, Inc., 2000.
[5] B. P. Donn, Fighting computer crime: a new framework for protecting information: John Wiley & Sons, Inc., 1998.
[6] Y. Jeff, B. Alan, A. Ross, and G. Alasdair, "Password Memorability and Security: Empirical Results," IEEE Security and Privacy, vol. 2, pp. 25-31, 2004.
[7] W. Daphna and K. Scott, "Passwords you'll never forget, but can't recall," in CHI '04 extended abstracts on Human factors in computing systems Vienna, Austria: ACM, 2004.
[8] T. Espiner, "Companies urged to move beyond passwords," in ZDNet UK London, 2005.
[9] V. Lucian and V. Ioana, "Dissecting Computer Fraud: From Definitional Issues to a Taxonomy," in Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 7 - Volume 7: IEEE Computer Society, 2004.
[10] "How is Biometrics' Defined?," in International Biometric Group.
[11] S. Furnell and N. Clarke, "Biometrics: no silver bullets," Computer Fraud & Security, vol. 2005, pp. 9-14, 2005.
[12] V, M. clav, s, Jr., and R. Zdenek, "Toward Reliable User Authentication through Biometrics," IEEE Security and Privacy, vol. 1, pp. 45-49, 2003.
[13] "Computer Crime and Security Survey," Computer Security Institute 2007.
[14] M. A. Vasarheli and F. B. Halper, "The Continuous Audit of Online System," A Journal of Practice & Theory, vol. 10, pp. 110-125, 1991.
[15] Microsoft, "Pointer Ballistics for Windows XP," 2002.
[16] S. Agus Fanar, O. Eiji, and M. Masahiro, "A User Identification System Using Signature Written with Mouse," in Proceedings of the Third Australasian Conference on Information Security and Privacy: Springer-Verlag, 1998.
[17] A. J. E. Ross and W. M. Peter, "Java-Based Internet Biometric Authentication System," IEEE Trans. Pattern Anal. Mach. Intell., vol. 25, pp. 1166-1172, 2003.
[18] H. Gamboa and A. Fred, "An Identity Authentication System Based on Human Computer Interaction Behaviour," Aceite para publicacao na 3rd Workshop on Pattern Recognition in Information Systems PRIS 2003.
[19] H. Sylvain, R. Jean-Yves, and C. Hubert, "Users Authentication By a Study of Human Computer Interactions," Universite Francois-Rabelais, 2004.
[20] E. A. Ahmed Awad, "A New Biometric Technology Based on Mouse Dynamics," IEEE Trans. Dependable Secur. Comput., vol. 4, pp. 165-179, 2007.
[21] Y. Liao, "Analysis of Computer Crime Characteristics," Information Technology and Society, 2001.
[22] S. Yijun and L. Jian, "Iterative RELIEF for feature weighting," in Proceedings of the 23rd international conference on Machine learning Pittsburgh, Pennsylvania: ACM, 2006.