{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T21:38:10Z","timestamp":1771018690083,"version":"3.50.1"},"reference-count":21,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2020,6,16]],"date-time":"2020-06-16T00:00:00Z","timestamp":1592265600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,6,16]],"date-time":"2020-06-16T00:00:00Z","timestamp":1592265600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2021,4]]},"DOI":"10.1007\/s10207-020-00510-x","type":"journal-article","created":{"date-parts":[[2020,6,16]],"date-time":"2020-06-16T08:03:03Z","timestamp":1592294583000},"page":"181-197","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["Combining behavioral biometrics and session context analytics to enhance risk-based static authentication in web applications"],"prefix":"10.1007","volume":"20","author":[{"given":"Jesus","family":"Solano","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luis","family":"Camacho","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alejandro","family":"Correa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Claudio","family":"Deiro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Javier","family":"Vargas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7816-5775","authenticated-orcid":false,"given":"Mart\u00edn","family":"Ochoa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,6,16]]},"reference":[{"key":"510_CR1","unstructured":"Perrig, A.: Shortcomings of password-based authentication. In: 9th USENIX Security Symposium, vol. 130. ACM (2000)"},{"key":"510_CR2","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/2699390","volume":"58","author":"J Bonneau","year":"2014","unstructured":"Bonneau, J., Herley, C., Stajano, F.M., et al.: Passwords and the evolution of imperfect authentication. Commun. ACM 58, 78\u201387 (2014)","journal-title":"Commun. ACM"},{"key":"510_CR3","unstructured":"Newman, L.: Hacker Lexicon: What is Credential Stuffing? Wired Magazine (2019). https:\/\/www.wired.com\/story\/what-is-credential-stuffing\/. Accessed 12 Sept 2019"},{"key":"510_CR4","unstructured":"Kaspersky: Zeus malware. Online (2019). https:\/\/usa.kaspersky.com\/resource-center\/threats\/zeus-virus. Accessed 12 Sept 2019"},{"key":"510_CR5","doi-asserted-by":"crossref","unstructured":"Alaca, F., Van\u00a0Oorschot, P.C.: Device fingerprinting for augmenting web authentication: classification and analysis of methods. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 289\u2013301. ACM (2016)","DOI":"10.1145\/2991079.2991091"},{"key":"510_CR6","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-0-387-77322-3_5","volume-title":"Insider Attack and Cyber Security","author":"MB Salem","year":"2008","unstructured":"Salem, M.B., Hershkop, S., Stolfo, S.J.: A survey of insider attack detection research. In: Stolfo, S.J., Bellovin, S.M., Keromytis, A.D., Hershkop, S., Smith, S.W., Sinclair, S. (eds.) Insider Attack and Cyber Security, pp. 69\u201390. Springer, Boston (2008)"},{"issue":"1","key":"510_CR7","first-page":"81","volume":"1","author":"RV Yampolskiy","year":"2008","unstructured":"Yampolskiy, R.V., Govindaraju, V.: Behavioural biometrics: a survey and classification. Int. J. Biom. 1(1), 81\u2013113 (2008)","journal-title":"Int. J. Biom."},{"key":"510_CR8","doi-asserted-by":"crossref","unstructured":"Zheng, N., Paloski, A., Wang, H.: An efficient user verification system via mouse movements. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 139\u2013150. ACM (2011)","DOI":"10.1145\/2046707.2046725"},{"key":"510_CR9","doi-asserted-by":"crossref","unstructured":"Mondal, S., Bours, P.: Combining keystroke and mouse dynamics for continuous user authentication and identification. In: 2016 IEEE International Conference on Identity, Security and Behavior Analysis (ISBA), pp. 1\u20138. IEEE (2016)","DOI":"10.1109\/ISBA.2016.7477228"},{"key":"510_CR10","doi-asserted-by":"crossref","unstructured":"Shen, C., Cai, Z., Guan, X., Wang, J.: On the effectiveness and applicability of mouse dynamics biometric for static authentication: a benchmark study. In: 2012 5th IAPR International Conference on Biometrics (ICB) (2012)","DOI":"10.1109\/ICB.2012.6199780"},{"key":"510_CR11","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-29729-9_1","volume-title":"Applied Cryptography and Network Security Workshops","author":"J Solano","year":"2019","unstructured":"Solano, J., Camacho, L., Correa, A., Deiro, C., Vargas, J., Ochoa, M.: Risk-based static authentication in web applications with behavioral biometrics and session context analytics. In: Zhou, J., Deng, R., Li, Z., Majumdar, S., Meng, W., Wang, L., Zhang, K. (eds.) Applied Cryptography and Network Security Workshops, pp. 3\u201323. Springer, Berlin (2019)"},{"key":"510_CR12","doi-asserted-by":"publisher","DOI":"10.22667\/JOWUA.2018.03.31.054","author":"A Harilal","year":"2018","unstructured":"Harilal, A., Toffalini, F., Homoliak, I., Castellanos, J., Guarnizo, J., Mondal, S., Ochoa, M.: The wolf of SUTD (twos): a dataset of malicious insider threat behavior based on a gamified competition. J. Wirel. Mob. Netw. (2018). https:\/\/doi.org\/10.22667\/JOWUA.2018.03.31.054","journal-title":"J. Wirel. Mob. Netw."},{"key":"510_CR13","doi-asserted-by":"crossref","unstructured":"Traore, I., Woungang, I., Obaidat, M.S., Nakkabi, Y., Lai, I.: Combining mouse and keystroke dynamics biometrics for risk-based authentication in web environments. In: 2012 Fourth International Conference on Digital Home (2012)","DOI":"10.1109\/ICDH.2012.59"},{"key":"510_CR14","first-page":"055","volume":"6","author":"RG Swati Gurav","year":"2017","unstructured":"Swati Gurav, R.G., Mhangore, S.: Combining keystroke and mouse dynamics for user authentication. Int. J. Emerg. Trends Technol. Comput. Sci. (IJETTCS) 6, 055\u2013058 (2017)","journal-title":"Int. J. Emerg. Trends Technol. Comput. Sci. (IJETTCS)"},{"key":"510_CR15","doi-asserted-by":"publisher","unstructured":"Cao, Y., Li, S., Wijmans, E.: (Cross-)browser fingerprinting via OS and hardware level features. In: NDSS (2017). https:\/\/doi.org\/10.14722\/ndss.2017.23152","DOI":"10.14722\/ndss.2017.23152"},{"key":"510_CR16","unstructured":"Nakibly, G., Shelef, G., Yudilevich, S.: Hardware fingerprinting using HTML5 (2015). arXiv:1503.01408v3"},{"key":"510_CR17","doi-asserted-by":"crossref","unstructured":"Sanchez-Rola, I., Santos, I., Balzarotti, D.: Clock around the clock: time-based device fingerprinting. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1502\u20131514 (2018)","DOI":"10.1145\/3243734.3243796"},{"issue":"2","key":"510_CR18","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1109\/TDSC.2005.26","volume":"2","author":"T Kohno","year":"2005","unstructured":"Kohno, T., Broido, A., Claffy, K.C.: Remote physical device fingerprinting. IEEE Trans. Dependable Secure Comput. 2(2), 93\u2013108 (2005)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"510_CR19","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1016\/j.cose.2014.03.005","volume":"43","author":"KO Bailey","year":"2014","unstructured":"Bailey, K.O., Okolica, J.S., Peterson, G.L.: User identification and authentication using multi-modal behavioral biometrics. Comput. Secur. 43, 77\u201389 (2014)","journal-title":"Comput. Secur."},{"key":"510_CR20","doi-asserted-by":"crossref","unstructured":"Misbahuddin, M., Bindhumadhava, B.S., Dheeptha, B.: Design of a risk based authentication system using machine learning techniques. In: 2017 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computed, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation, pp. 1\u20136 (2017)","DOI":"10.1109\/UIC-ATC.2017.8397628"},{"key":"510_CR21","doi-asserted-by":"crossref","unstructured":"Solano, J., Tengana, L., Castelblanco, A., Rivera, E., Lopez, C., Ochoa, M.: A few-shot practical behavioral biometrics model for login authentication in web applications. In: NDSS Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb\u201920) (2020)","DOI":"10.14722\/madweb.2020.23011"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00510-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-020-00510-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-020-00510-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,15]],"date-time":"2021-06-15T23:09:51Z","timestamp":1623798591000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-020-00510-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,16]]},"references-count":21,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2021,4]]}},"alternative-id":["510"],"URL":"https:\/\/doi.org\/10.1007\/s10207-020-00510-x","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,16]]},"assertion":[{"value":"16 June 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"All authors were Cyxtera employees (now AppGate Inc.) at the time of writing this manuscript and declare no conflict of interest. Parts of this study use the TWOS dataset, which is a public dataset based on the behaviour of 24 students during a gamified experiment and shared in an anonymized fashion by the Singapore University of Technology and Design. Authors of the original study obtained SUTD\u2019s IRB consent to carry out and share the data used in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"In this work we also used a proprietary dataset of log-in contextual information (based on HTTP parameters), that was anonymized and which cannot be associated with any particular individual. Moreover, we only disclose aggregated results based on this dataset. So in sum all procedures performed in studies involving human participants were in accordance with the ethical standards of the institutional research committee and with the 1964 Helsinki declaration and its later amendments or comparable ethical standards.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical standard"}}]}}