A Novel Software System Protection Scheme Based on Behavior and Context Monitoring

Abstract

The restriction of access to software systems is more important than ever. Yet, most primary authentication methods are still largely based on passwords, which are vulnerable to various attacks such as phishing scams and keyloggers. Advanced methods of behavior-based authentication exist, but most are platform-specific and are not generally applicable. In this article, the authors propose a generic continuous authentication scheme for software systems, which supplements existing authentication schemes and works as an auxiliary layer to provide additional protection against impostors. The kernel of their scheme is a novel monitoring engine that detects impostors in real-time based on behavior and context information. The authors evaluate their scheme on a dataset consisting of real users' historical records provided by their industrial partner, and the results demonstrate that the approach achieves a high classification accuracy with only a short delay in detection, allowing for real-time, continuous authentication.