Continuous User Authentication Based on Context-Emphasized Behavior Profiling

The restriction of access to software systems is more important than ever. For example, critical data is increasingly being stored on web services that are accessible from anywhere in the world. Yet most primary authentication methods are still largely based on passwords, which are vulnerable to various attacks such as phishing scams and keyloggers. Advanced methods of behavior-based authentication exist, but most are designed for a specific area or system and are not generally applicable. In this paper, we propose a generic continuous authentication scheme for software systems, which supplements existing authentication schemes and works as an auxiliary layer to provide additional protection against impostors. The kernel of our scheme is a novel monitoring engine that detects impostors in real-time based on behavior and context information. We evaluate our scheme on a dataset consisting of real users' historical records provided by our industrial partner, and the results demonstrate that our approach achieves a high classification accuracy with only a short delay in detection, allowing for real-time, continuous authentication.