【摘要】：近年來互聯(lián)網(wǎng)快速發(fā)展,給社會發(fā)展、經(jīng)濟增長以及文化繁榮帶來了各種各樣的機會,互聯(lián)網(wǎng)給人們帶來便利的同時也帶來了不小的網(wǎng)絡(luò)安全風(fēng)險。網(wǎng)絡(luò)安全尤其是身份認證技術(shù)逐漸成為人們關(guān)注的問題。安全的身份認證是保證計算機網(wǎng)絡(luò)系統(tǒng)安全運行的基本前提。由于行為特征具有唯一性和易采集性的特點,在身份認證技術(shù)領(lǐng)域備受關(guān)注,因此研究基于行為特征的身份認證技術(shù)是非常有意義的。本文針對Web平臺身份認證環(huán)節(jié)廣泛使用用戶名/密碼方案存在的不足,提出了基于靜態(tài)認證和動態(tài)認證相結(jié)合的動態(tài)連續(xù)身份認證方案。用戶在最初登錄系統(tǒng)時,需通過用戶名/密碼和驗證碼的靜態(tài)認證方式獲取系統(tǒng)權(quán)限資源。用戶成功獲取權(quán)限后,采用基于擊鍵行為特征和鼠標(biāo)行為特征組合的多行為特征動態(tài)認證方案,持續(xù)不斷監(jiān)聽用戶操作行為。通過操作行為判斷操作對象是否為用戶本人,保證了系統(tǒng)登錄及登錄后的安全性。本文研究的主要內(nèi)容為驗證碼圖像生成技術(shù)和操作行為特征在動態(tài)連續(xù)身份認證系統(tǒng)(DCA)中的應(yīng)用。在靜態(tài)登錄環(huán)節(jié)采用了基于多圖層驗證碼圖像生成技術(shù),降低了計算機對驗證碼圖像的識別準(zhǔn)確率。為DCA系統(tǒng)研發(fā)了捕獲用戶操作行為的數(shù)據(jù)采集軟件;改進了信任模型中操作信任分數(shù)的計算方法,提升了信任分數(shù)的計算精確率。為了阻止攻擊者利用安全漏洞逃避鼠標(biāo)或者鍵盤中的某一個設(shè)備的入侵檢測,采用擊鍵行為特征和鼠標(biāo)行為特征相結(jié)合的方式進行身份認證。最后對動態(tài)連續(xù)身份認證系統(tǒng)性能和行為特征數(shù)據(jù)的處理和分類進行了大量實驗驗證。由53名志愿者在無約束條件下對DCA系統(tǒng)進行測試,測試結(jié)果顯示準(zhǔn)確識別率達到80%,可以很好地實現(xiàn)動態(tài)連續(xù)身份認證。通過計算機分別識別了基于傳統(tǒng)技術(shù)和多圖層技術(shù)生成的驗證碼圖像,發(fā)現(xiàn)基于多圖層技術(shù)生成的驗證碼圖像的識別誤檢率明顯增加,達到21%,有效阻止了機器程序大量惡意注冊行為。
[Abstract]:In recent years, the rapid development of the Internet has brought a variety of opportunities for social development, economic growth and cultural prosperity. Network security, especially identity authentication technology, has gradually become a problem that people pay attention to. Secure identity authentication is the basic premise to ensure the safe operation of computer network system. Because behavior features are unique and easy to collect, they have attracted much attention in the field of identity authentication, so it is very meaningful to study the identity authentication technology based on behavior characteristics. Aiming at the shortcomings of the user name / password scheme widely used in identity authentication of Web platform, a dynamic continuous identity authentication scheme based on static authentication and dynamic authentication is proposed in this paper. When users log on to the system initially, they need to obtain the system permission resources by the static authentication of user name / password and verification code. After the user acquires permission successfully, the dynamic authentication scheme based on the combination of keystroke behavior and mouse behavior features is adopted to continuously monitor the user's operation behavior. Through the operation behavior to judge whether the operation object is the user, it ensures the system login and the security after login. The main content of this paper is the application of image generation technology and operational behavior feature in dynamic continuous identity authentication system (DCA). In the static login, the multi-layer verification code image generation technology is adopted, which reduces the recognition accuracy of the computer for the verification code image. This paper develops a data acquisition software for DCA system to capture the user's operation behavior, and improves the calculation method of the operational trust score in the trust model to improve the accuracy of the calculation of the trust score. In order to prevent attackers from using security vulnerabilities to evade the intrusion detection of a certain device in the mouse or keyboard, the identity authentication is carried out by combining keystroke behavior characteristics with mouse behavior characteristics. Finally, a large number of experiments are carried out to verify the performance and behavior feature data processing and classification of dynamic continuous identity authentication system. The DCA system is tested by 53 volunteers under unconstrained conditions. The test results show that the accurate identification rate is 80%, and the dynamic continuous identity authentication can be realized well. The verification code images generated by traditional technology and multi-layer technology are recognized by computer respectively. It is found that the recognition error detection rate of the verification code image generated by multi-layer technology is obviously increased to 21. Effectively prevents a large number of malicious registrations of machine programs.
【學(xué)位授予單位】：江蘇科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前10條

1 楊勇;許杰;;個人身份認證技術(shù)及其研究進展[J];通信技術(shù);2017年01期

2 盧世軍;;生物特征識別技術(shù)發(fā)展與應(yīng)用綜述[J];計算機安全;2013年01期

3 余幸杰;高能;江偉玉;;云計算中的身份認證技術(shù)研究[J];信息網(wǎng)絡(luò)安全;2012年08期

4 鄭雷雷;宋麗華;郭銳;張建成;;B/S架構(gòu)軟件的安全性測試研究[J];計算機技術(shù)與發(fā)展;2012年01期

5 夏亮;韓冬;馬書才;;基于神經(jīng)網(wǎng)絡(luò)的多因素身份認證方法[J];吉林大學(xué)學(xué)報(信息科學(xué)版);2011年02期

6 沈超;蔡忠閩;管曉宏;房超;杜友田;;基于鼠標(biāo)行為特征的用戶身份認證與監(jiān)控[J];通信學(xué)報;2010年07期

7 房超;蔡忠閩;沈超;牛非;管曉宏;;基于鼠標(biāo)動力學(xué)模型的用戶身份認證與監(jiān)控[J];西安交通大學(xué)學(xué)報;2008年10期

8 欒方軍;程海;宋曉宇;;基于HMM的在線手寫簽名認證系統(tǒng)設(shè)計與實現(xiàn)[J];計算機應(yīng)用與軟件;2008年06期

9 常亮;吳鐵峰;;基于自適應(yīng)模糊c均值的擊鍵序列身份認證[J];機械管理開發(fā);2008年02期

10 劉志才;彭宏;鄧爽;趙毓高;;基于支持向量方法和擊鍵序列的主機入侵檢測[J];計算機工程與應(yīng)用;2007年15期

相關(guān)碩士學(xué)位論文 前1條

1 郭曉靜;基于統(tǒng)計學(xué)的擊鍵序列身份認證算法研究與改進[D];北京郵電大學(xué);2013年

，

本文編號：2399178