基于操作系统性能计数器的深度卷积stm连续认证方法

IF 1.8 4区计算机科学 Q3 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

IET Biometrics Pub Date : 2025-08-26 DOI:10.1049/bme2/8262252

César H. G. Andrade, Hendrio L. S. Bragança, Horácio Fernandes, Eduardo Feitosa, Eduardo Souto

{"title":"基于操作系统性能计数器的深度卷积stm连续认证方法","authors":"César H. G. Andrade, Hendrio L. S. Bragança, Horácio Fernandes, Eduardo Feitosa, Eduardo Souto","doi":"10.1049/bme2/8262252","DOIUrl":null,"url":null,"abstract":"<p>Authentication in personal and corporate computer systems predominantly relies on login and password credentials, which are vulnerable to unauthorized access, especially when genuine users leave their devices unlocked. To address this issue, continuous authentication (CA) systems based on behavioral biometrics have gained attention. Traditional CA models leverage user–device interactions, such as mouse movements, typing dynamics, and speech recognition. This paper introduces a novel approach that utilizes system performance counters—attributes such as memory usage, CPU load, and network activity—collected passively by operating systems (OSs), to develop a robust and low-intrusive authentication mechanism. Our method employs a deep network architecture combining convolutional neural networks (CNNs) with long short-term memory (LSTM) layers to analyze temporal patterns and identify unique user behaviors. Unlike traditional methods, performance counters capture subtle system-level usage patterns that are harder to mimic, enhancing security and resilience to attacks. We integrate a trust model into the CA framework to balance security and usability by avoiding interruptions for genuine users while blocking impostors in real-time. We evaluate our approach using two new datasets, COUNT-SO-I (26 users) and COUNT-SO-II (37 users), collected in real-world scenarios without specific task constraints. Our results demonstrate the feasibility and effectiveness of the proposed method, achieving 99% detection accuracy (ACC) for impostor users within an average of 17.2 s, while maintaining seamless user experiences. These findings highlight the potential of performance counter–based CA systems for practical applications, such as safeguarding sensitive systems in corporate, governmental, and personal environments.</p>","PeriodicalId":48821,"journal":{"name":"IET Biometrics","volume":"2025 1","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2025-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/bme2/8262252","citationCount":"0","resultStr":"{\"title\":\"A DeepConvLSTM Approach for Continuous Authentication Using Operational System Performance Counters\",\"authors\":\"César H. G. Andrade, Hendrio L. S. Bragança, Horácio Fernandes, Eduardo Feitosa, Eduardo Souto\",\"doi\":\"10.1049/bme2/8262252\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Authentication in personal and corporate computer systems predominantly relies on login and password credentials, which are vulnerable to unauthorized access, especially when genuine users leave their devices unlocked. To address this issue, continuous authentication (CA) systems based on behavioral biometrics have gained attention. Traditional CA models leverage user–device interactions, such as mouse movements, typing dynamics, and speech recognition. This paper introduces a novel approach that utilizes system performance counters—attributes such as memory usage, CPU load, and network activity—collected passively by operating systems (OSs), to develop a robust and low-intrusive authentication mechanism. Our method employs a deep network architecture combining convolutional neural networks (CNNs) with long short-term memory (LSTM) layers to analyze temporal patterns and identify unique user behaviors. Unlike traditional methods, performance counters capture subtle system-level usage patterns that are harder to mimic, enhancing security and resilience to attacks. We integrate a trust model into the CA framework to balance security and usability by avoiding interruptions for genuine users while blocking impostors in real-time. We evaluate our approach using two new datasets, COUNT-SO-I (26 users) and COUNT-SO-II (37 users), collected in real-world scenarios without specific task constraints. Our results demonstrate the feasibility and effectiveness of the proposed method, achieving 99% detection accuracy (ACC) for impostor users within an average of 17.2 s, while maintaining seamless user experiences. These findings highlight the potential of performance counter–based CA systems for practical applications, such as safeguarding sensitive systems in corporate, governmental, and personal environments.</p>\",\"PeriodicalId\":48821,\"journal\":{\"name\":\"IET Biometrics\",\"volume\":\"2025 1\",\"pages\":\"\"},\"PeriodicalIF\":1.8000,\"publicationDate\":\"2025-08-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/bme2/8262252\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Biometrics\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/bme2/8262252\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Biometrics","FirstCategoryId":"94","ListUrlMain":"https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/bme2/8262252","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

摘要

个人和企业计算机系统中的身份验证主要依赖于登录和密码凭据，这很容易受到未经授权的访问，特别是当真正的用户未锁定设备时。为了解决这一问题，基于行为生物识别的连续身份验证（CA）系统引起了人们的关注。传统的CA模型利用用户-设备交互，例如鼠标移动、输入动态和语音识别。本文介绍了一种新的方法，该方法利用系统性能计数器——由操作系统（os）被动收集的内存使用、CPU负载和网络活动等属性——来开发一种健壮且低侵入性的身份验证机制。我们的方法采用卷积神经网络（cnn）与长短期记忆（LSTM）层相结合的深度网络架构来分析时间模式并识别独特的用户行为。与传统方法不同，性能计数器捕捉难以模仿的微妙的系统级使用模式，从而增强了安全性和抵御攻击的弹性。我们将信任模型集成到CA框架中，通过避免真正用户的中断，同时实时阻止冒名顶替者，来平衡安全性和可用性。我们使用两个新的数据集，COUNT-SO-I（26个用户）和COUNT-SO-II（37个用户）来评估我们的方法，这些数据集收集于没有特定任务约束的真实场景中。我们的研究结果证明了该方法的可行性和有效性，在平均17.2秒内实现了99%的冒名顶替用户检测准确率（ACC），同时保持了无缝的用户体验。这些发现突出了基于性能计数器的CA系统在实际应用中的潜力，例如保护企业、政府和个人环境中的敏感系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

A DeepConvLSTM Approach for Continuous Authentication Using Operational System Performance Counters

查看原文本刊更多论文

A DeepConvLSTM Approach for Continuous Authentication Using Operational System Performance Counters

Authentication in personal and corporate computer systems predominantly relies on login and password credentials, which are vulnerable to unauthorized access, especially when genuine users leave their devices unlocked. To address this issue, continuous authentication (CA) systems based on behavioral biometrics have gained attention. Traditional CA models leverage user–device interactions, such as mouse movements, typing dynamics, and speech recognition. This paper introduces a novel approach that utilizes system performance counters—attributes such as memory usage, CPU load, and network activity—collected passively by operating systems (OSs), to develop a robust and low-intrusive authentication mechanism. Our method employs a deep network architecture combining convolutional neural networks (CNNs) with long short-term memory (LSTM) layers to analyze temporal patterns and identify unique user behaviors. Unlike traditional methods, performance counters capture subtle system-level usage patterns that are harder to mimic, enhancing security and resilience to attacks. We integrate a trust model into the CA framework to balance security and usability by avoiding interruptions for genuine users while blocking impostors in real-time. We evaluate our approach using two new datasets, COUNT-SO-I (26 users) and COUNT-SO-II (37 users), collected in real-world scenarios without specific task constraints. Our results demonstrate the feasibility and effectiveness of the proposed method, achieving 99% detection accuracy (ACC) for impostor users within an average of 17.2 s, while maintaining seamless user experiences. These findings highlight the potential of performance counter–based CA systems for practical applications, such as safeguarding sensitive systems in corporate, governmental, and personal environments.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IET Biometrics COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-

CiteScore

5.90

自引率

0.00%

发文量

审稿时长

33 weeks

期刊介绍： The field of biometric recognition - automated recognition of individuals based on their behavioural and biological characteristics - has now reached a level of maturity where viable practical applications are both possible and increasingly available. The biometrics field is characterised especially by its interdisciplinarity since, while focused primarily around a strong technological base, effective system design and implementation often requires a broad range of skills encompassing, for example, human factors, data security and database technologies, psychological and physiological awareness, and so on. Also, the technology focus itself embraces diversity, since the engineering of effective biometric systems requires integration of image analysis, pattern recognition, sensor technology, database engineering, security design and many other strands of understanding. The scope of the journal is intentionally relatively wide. While focusing on core technological issues, it is recognised that these may be inherently diverse and in many cases may cross traditional disciplinary boundaries. The scope of the journal will therefore include any topics where it can be shown that a paper can increase our understanding of biometric systems, signal future developments and applications for biometrics, or promote greater practical uptake for relevant technologies: Development and enhancement of individual biometric modalities including the established and traditional modalities (e.g. face, fingerprint, iris, signature and handwriting recognition) and also newer or emerging modalities (gait, ear-shape, neurological patterns, etc.) Multibiometrics, theoretical and practical issues, implementation of practical systems, multiclassifier and multimodal approaches Soft biometrics and information fusion for identification, verification and trait prediction Human factors and the human-computer interface issues for biometric systems, exception handling strategies Template construction and template management, ageing factors and their impact on biometric systems Usability and user-oriented design, psychological and physiological principles and system integration Sensors and sensor technologies for biometric processing Database technologies to support biometric systems Implementation of biometric systems, security engineering implications, smartcard and associated technologies in implementation, implementation platforms, system design and performance evaluation Trust and privacy issues, security of biometric systems and supporting technological solutions, biometric template protection Biometric cryptosystems, security and biometrics-linked encryption Links with forensic processing and cross-disciplinary commonalities Core underpinning technologies (e.g. image analysis, pattern recognition, computer vision, signal processing, etc.), where the specific relevance to biometric processing can be demonstrated Applications and application-led considerations Position papers on technology or on the industrial context of biometric system development Adoption and promotion of standards in biometrics, improving technology acceptance, deployment and interoperability, avoiding cross-cultural and cross-sector restrictions Relevant ethical and social issues