Trusted　Connection　Authentication　(TCA)　is　a　critical　part　of　network　security　access　solution.　TCA　is　a　kind　of　high　level　trusted　network　access　techniques　which　can　create　trusted　connections　between　client　and　remote　networks　through　two-way　user　authentication　and　platform　identification　in　TTP.　However,　there　are　general　security　problems　after　accessed　to　the　network　which　are　not　much　considered　by　existing　TCA　schemes.　Therefore,　this　paper　proposes　a　reinforced　TCA　architecture,　TCA-BA,　which　extends　a　network　behavior　layer　on　the　basis　of　TCA.　Firstly,　network　behavior　eigenvalue　extraction　is　proposed　by　using　time　and　host　network　flow　characteristics.　Secondly,　a　new　method　is　illustrated　in　which　we　classify　the　behavior　by　Naïve　Bayes　Algorithm,　measure　the　network　abnormal　behavior　by　minimum　risk　bayes　rules,　identify　these　behaviors　which　have　accessed　to　the　network.　Finally,　the　experimental　results　present　that　our　architecture　can　effectively　identify　the　abnormal　behavior　in　the　network　and　protect　the　network　security.　©　2018,　Springer　Nature　Switzerland　AG.