Continuous user authentication featuring behavioural biometrics

A user authentication method consists of a username, password, or any other related credential. These methods are mostly used only once to validate the user’s identity at the start of session or sometimes after regular interval of time which can lead to security loopholes. However, one-time verification of user’s identity is not resilient enough to provide adequate security all over the session. Such authentication methods are required which can continuously verify that only genuine user is using the system resources for entire session.
In this thesis, a true continuous user authentication system is pro- posed and implemented using behavioural biometrics i.e., keystroke and mouse dynamics which tends to authenticate the user on each sin- gle action. Behavioural biometrics are used since these can passively provide the perpetual information about the user’s behaviour when interacting with the system. Moreover, a novel idea of continuously establishing the identity of user without prior claim at the start of session is also investigated in this research.
Different types of system architectures were formulated based on base- line or traditional machine learning and deep neural network tech- niques. Baseline methods used the statistical features based on mean and standard deviation along with the traditional machine learning classifiers to authenticate the user. On the other hand, recurrent neural networks take the behavioural data input as a sequential time- series and extract features based on raw data events using recurrent neural networks. In particular, system frameworks are designed to lock out the imposter user as quickly as possible along with the opti- mal effort of avoiding the false lock out of genuine users.
This research is examined with thorough and vigorous experiments and validated with two types of behavioural biometric modalities. Overall, the impact of this research is twofold: i) it provides a po- tential solution framework for a true continuous user authentication system which re-verifies te identity of user on each action and ii) it presents a new possibilities of establishing the user’s identity on each action without the earlier affirm of any identity associated with the current user of system at start of session.