Mobile applications are widely used for online services and share a large amount of personal data. One-time authentication techniques such as passwords and physiological biometrics (e.g., fingerprint, face, and iris) have their advantages, but they can be stolen or emulated, and once the device is unlocked they do not prevent access to it. To address these limitations, complementary authentication systems based on behavioural biometrics have emerged; their goal is to continuously profile users based on their interaction with the mobile device. However, existing behavioural authentication schemes are either (i) not user-agnostic, meaning that they cannot handle changes in the user base without model re-training, or (ii) do not scale to authenticating millions of users. In this paper, we present AuthentiSense, a user-agnostic, scalable, and efficient behavioural biometric authentication system that enables continuous authentication using only motion patterns (i.e., accelerometer, gyroscope, and magnetometer data) captured while users interact with mobile apps. Our approach requires neither manually engineered features nor a large amount of training data. We leverage a few-shot learning technique, the Siamese network, to authenticate users at scale. We perform a systematic measurement study and report the impact of parameters such as the interaction time needed for authentication and n-shot verification (comparison against n enrollment samples) at the recognition stage. Remarkably, AuthentiSense achieves an F1-score of up to 97% even when evaluated in a few-shot fashion that requires only a few behaviour samples per user (3 shots). Our approach accurately authenticates users after only 1 second of user interaction. For AuthentiSense, we report a FAR and FRR of 0.023 and 0.057, respectively.
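The abstract names the two quantities a practitioner has to reproduce before trusting a behavioural-biometric deployment, n-shot verification against enrollment samples and the FAR/FRR operating point, without showing how they are computed. The following is an added example, not code from the AuthentiSense paper or its authors. It assumes a trained Siamese encoder has already mapped each interaction window to a fixed-length embedding and stands in constructed 2-D points for that output; the user names, the mean-distance aggregation over the n enrollment shots, the threshold of 1.0 and the sample probes are all assumptions of this example, chosen so that one false reject and one false accept occur.

```python
"""n-shot verification over behavioural-biometric embeddings, with FAR/FRR.

Assumption of this example: a trained Siamese encoder has mapped each
1-second window of accelerometer/gyroscope/magnetometer data to an embedding.
The 2-D points below are constructed stand-ins for such embeddings.
"""
from __future__ import annotations

import math
from typing import Dict, List, Sequence, Tuple

Embedding = Sequence[float]

# Constructed enrollment embeddings: 3 shots per user (3-shot enrollment).
ENROLLMENT: Dict[str, List[Embedding]] = {
    "alice": [(0.0, 0.0), (0.2, 0.0), (0.0, 0.2)],
    "bob":   [(5.0, 5.0), (5.2, 5.0), (5.0, 5.2)],
    "carol": [(0.0, 5.0), (0.2, 5.0), (0.0, 5.2)],
}

# Constructed recognition probes: (true user, embedding of a fresh window).
# The second probe is an alice window that drifted away from her enrollment
# (exercises the false-reject path); the last is a bob window that lands in
# carol's region (exercises the false-accept path).
PROBES: List[Tuple[str, Embedding]] = [
    ("alice", (0.1, 0.1)),
    ("alice", (0.9, 0.9)),
    ("bob",   (5.1, 5.1)),
    ("carol", (0.3, 4.4)),
    ("bob",   (0.6, 4.6)),
]


def euclidean(a: Embedding, b: Embedding) -> float:
    """Pairwise distance in embedding space (the Siamese network's output)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def nshot_score(probe: Embedding, enrollment: Sequence[Embedding], n: int) -> float:
    """Dissimilarity between a probe and the first n enrollment shots.

    A Siamese network yields one distance per (probe, shot) pair; n-shot
    verification combines the n distances. Mean aggregation is this example's
    assumption (min or median are equally common choices).
    """
    shots = list(enrollment)[:n]
    if not shots:
        raise ValueError("need at least one enrollment shot")
    return sum(euclidean(probe, s) for s in shots) / len(shots)


def verify(probe: Embedding, enrollment: Sequence[Embedding], n: int, threshold: float) -> bool:
    """Accept the claimed identity when the n-shot score is within the threshold."""
    return nshot_score(probe, enrollment, n) <= threshold


def score_trials(enrollment: Dict[str, List[Embedding]],
                 probes: List[Tuple[str, Embedding]], n: int) -> Tuple[List[float], List[float]]:
    """Match every probe against every enrolled identity.

    Matching a probe against its true identity is a genuine trial; against any
    other identity it is an impostor trial.
    """
    genuine: List[float] = []
    impostor: List[float] = []
    for true_user, emb in probes:
        for claimed, shots in enrollment.items():
            s = nshot_score(emb, shots, n)
            (genuine if claimed == true_user else impostor).append(s)
    return genuine, impostor


def far_frr(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """FAR = impostor trials wrongly accepted; FRR = genuine trials wrongly rejected."""
    far = sum(s <= threshold for s in impostor) / len(impostor)
    frr = sum(s > threshold for s in genuine) / len(genuine)
    return far, frr


def evaluate(n: int = 3, threshold: float = 1.0) -> Tuple[float, float]:
    genuine, impostor = score_trials(ENROLLMENT, PROBES, n)
    return far_frr(genuine, impostor, threshold)


def sweep(n: int, thresholds: Sequence[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) per threshold: the trade-off curve an operating point is picked from."""
    genuine, impostor = score_trials(ENROLLMENT, PROBES, n)
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


if __name__ == "__main__":
    for shots in (1, 3):
        far, frr = evaluate(n=shots)
        print(f"{shots}-shot at threshold 1.0: FAR={far:.3f} FRR={frr:.3f}")
    for t, far, frr in sweep(3, (0.25, 0.5, 1.0, 2.0, 5.0)):
        print(f"threshold {t:4.2f}: FAR={far:.3f} FRR={frr:.3f}")
```

On the constructed data, threshold 1.0 gives FAR 0.1 (one of ten impostor trials accepted) and FRR 0.4 (two of five genuine trials rejected); raising the threshold lowers FRR and raises FAR, which is why a published pair such as 0.023/0.057 only has meaning together with the threshold, the number of shots and the interaction time at which it was measured.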