收录:
摘要:
Nowadays, access control to Web pages relay mostly on identification and authentication. After successful authentication, however, subsequent access may not necessarily be performed by the same user. Aimed at separating identity authentication and behavior authentication in open network environments, this paper proposes an access control method based on the analysis of user behavior in Web browsing as an additional access control mechanism to traditional identity authentication. The paper provides the definition of user behavior, uses browsing time and navigated path to determine the normality of user behavior based on the result of comparing the value calculated using a proposed algorithm with a threshold, thus modeling user behavior in both temporal and spatial dimensions. The proposed method relies on a database that contains the frequency of previous access to the path by the same user. Experiment shows that the proposed method can detect abnormal behavior while adapting to continuous changes in user behavior and can thus be used to prevent the theft of user accounts to improve network security. © 2017 IEEE.
关键词:
通讯作者信息:
电子邮件地址: