César H. G. Andrade, Hendrio L. S. Bragança, Horácio Fernandes, Eduardo Feitosa, Eduardo Souto
Journal: IET Biometrics, volume 2025 1 (Journal Article)
Publication date: 2025-08-26
DOI: 10.1049/bme2/8262252
Article page: https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/bme2/8262252
PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/bme2/8262252
Impact factor: 1.8 (JCR Q3)
A DeepConvLSTM Approach for Continuous Authentication Using Operational System Performance Counters
Authentication in personal and corporate computer systems predominantly relies on login and password credentials, which are vulnerable to unauthorized access, especially when genuine users leave their devices unlocked. To address this issue, continuous authentication (CA) systems based on behavioral biometrics have gained attention. Traditional CA models leverage user–device interactions, such as mouse movements, typing dynamics, and speech recognition. This paper introduces a novel approach that utilizes system performance counters—attributes such as memory usage, CPU load, and network activity—collected passively by operating systems (OSs), to develop a robust and low-intrusive authentication mechanism. Our method employs a deep network architecture combining convolutional neural networks (CNNs) with long short-term memory (LSTM) layers to analyze temporal patterns and identify unique user behaviors. Unlike traditional methods, performance counters capture subtle system-level usage patterns that are harder to mimic, enhancing security and resilience to attacks. We integrate a trust model into the CA framework to balance security and usability by avoiding interruptions for genuine users while blocking impostors in real-time. We evaluate our approach using two new datasets, COUNT-SO-I (26 users) and COUNT-SO-II (37 users), collected in real-world scenarios without specific task constraints. Our results demonstrate the feasibility and effectiveness of the proposed method, achieving 99% detection accuracy (ACC) for impostor users within an average of 17.2 s, while maintaining seamless user experiences. These findings highlight the potential of performance counter–based CA systems for practical applications, such as safeguarding sensitive systems in corporate, governmental, and personal environments.
IET Biometrics (COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE)
CiteScore: 5.90
Self-citation rate: 0.00%
Articles published: 46
Review time: 33 weeks
Journal description:
The field of biometric recognition - automated recognition of individuals based on their behavioural and biological characteristics - has now reached a level of maturity where viable practical applications are both possible and increasingly available. The biometrics field is characterised especially by its interdisciplinarity since, while focused primarily around a strong technological base, effective system design and implementation often requires a broad range of skills encompassing, for example, human factors, data security and database technologies, psychological and physiological awareness, and so on. Also, the technology focus itself embraces diversity, since the engineering of effective biometric systems requires integration of image analysis, pattern recognition, sensor technology, database engineering, security design and many other strands of understanding.
The scope of the journal is intentionally relatively wide. While focusing on core technological issues, it is recognised that these may be inherently diverse and in many cases may cross traditional disciplinary boundaries. The scope of the journal will therefore include any topics where it can be shown that a paper can increase our understanding of biometric systems, signal future developments and applications for biometrics, or promote greater practical uptake for relevant technologies:
Development and enhancement of individual biometric modalities including the established and traditional modalities (e.g. face, fingerprint, iris, signature and handwriting recognition) and also newer or emerging modalities (gait, ear-shape, neurological patterns, etc.)
Multibiometrics, theoretical and practical issues, implementation of practical systems, multiclassifier and multimodal approaches
Soft biometrics and information fusion for identification, verification and trait prediction
Human factors and the human-computer interface issues for biometric systems, exception handling strategies
Template construction and template management, ageing factors and their impact on biometric systems
Usability and user-oriented design, psychological and physiological principles and system integration
Sensors and sensor technologies for biometric processing
Database technologies to support biometric systems
Implementation of biometric systems, security engineering implications, smartcard and associated technologies in implementation, implementation platforms, system design and performance evaluation
Trust and privacy issues, security of biometric systems and supporting technological solutions, biometric template protection
Biometric cryptosystems, security and biometrics-linked encryption
Links with forensic processing and cross-disciplinary commonalities
Core underpinning technologies (e.g. image analysis, pattern recognition, computer vision, signal processing, etc.), where the specific relevance to biometric processing can be demonstrated
Applications and application-led considerations
Position papers on technology or on the industrial context of biometric system development
Adoption and promotion of standards in biometrics, improving technology acceptance, deployment and interoperability, avoiding cross-cultural and cross-sector restrictions
Relevant ethical and social issues