Combining behavioral biometrics and session context analytics to enhance risk-based static authentication in web applications

The fragility of password-based authentication has been recognized and studied for several decades. It is an increasingly common industry practice to profile users based on their sessions context, such as IP ranges and Browser type in order to build a risk profile on an incoming authentication attempt. On the other hand, behavioral dynamics such as mouse and keyword features have been proposed in the scientific literature order to improve authentication, but have been shown most effective in continuous authentication scenarios. In this paper we propose to combine both fingerprinting and behavioral dynamics (for mouse and keyboard) in order to increase security of login mechanisms. We do this by using machine learning techniques that aim at high accuracy, and only occasionally raise alarms for manual inspection. We evaluate our approach on a dataset containing mouse, keyboard and session context information of 24 users and simulated attacks. We show that while context analysis and behavioural analysis on their own achieve around 0.7 accuracy on this dataset, a combined approach reaches up to 0.9 accuracy using a linear combination of the outcomes of the single models.