Ahmad Ali Abin - Faculty of Computer Science and Engineering, Shahid Beheshti University, Tehran, Iran.
Parisima Hosseini - Faculty of Computer Science and Engineering, Shahid Beheshti University, Tehran, Iran
Alireza Torabian Raj - Faculty of Computer Science and Engineering, Shahid Beheshti University, Tehran, Iran

Protection of computer systems is a challenge facing the users, who usually define passwords, fingerprints, face detection patterns, and other identification solutions in order to secure their systems against the misuse and unauthorized access. Nevertheless, these solutions are effective in preventing anonymous people from logging in to the system. If a user leaves a system unlocked for a while or a password has already been disclosed for any reason, such trivial solutions will then fail to secure the system. In this study we introduces new dynamic features considering the time, category and type of the applications a user uses and use them in combination with existing operation-related features in a anomaly detection framework for user authentication. A combination of operation-related and application-related features are then taken into account to create a base profile for each authenticated user in order to detect any unauthorized access. The proposed method can secure systems even if an unauthorized access occurs. In other words, this method compares the current user’s behaviour with the base profile of authenticated user momentarily. If an anomaly is detected, that user is recognized as an unauthorized user and will then be prohibited from working with the system or asked to undergo a two-step authentication process.

Anomaly detection, Continues Authentication, Machine Learning, User profiling, Insider threat