{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,8]],"date-time":"2026-03-08T22:18:46Z","timestamp":1773008326406,"version":"3.50.1"},"reference-count":56,"publisher":"Institution of Engineering and Technology (IET)","issue":"1","license":[{"start":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T00:00:00Z","timestamp":1756166400000},"content-version":"vor","delay-in-days":237,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/doi.wiley.com\/10.1002\/tdm_license_1.1"}],"funder":[{"DOI":"10.13039\/100020144","name":"Samsung Eletr\u00f4nica da Amaz\u00f4nia","doi-asserted-by":"publisher","award":["003"],"award-info":[{"award-number":["003"]}],"id":[{"id":"10.13039\/100020144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002322","name":"Coordena\u00e7\u00e3o de Aperfei\u00e7oamento de Pessoal de N\u00edvel Superior","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002322","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003593","name":"Conselho Nacional de Desenvolvimento Cient\u00edfico e Tecnol\u00f3gico","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003593","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004916","name":"Funda\u00e7\u00e3o de Amparo \u00e0 Pesquisa do Estado do Amazonas","doi-asserted-by":"publisher","award":["2025\/2026"],"award-info":[{"award-number":["2025\/2026"]}],"id":[{"id":"10.13039\/501100004916","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["ietresearch.onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["IET Biometrics"],"published-print":{"date-parts":[[2025,1]]},"abstract":"<jats:p>Authentication in personal and corporate computer systems predominantly relies on login and password credentials, which are vulnerable to unauthorized access, especially when genuine users leave their devices unlocked. To address this issue, continuous authentication (CA) systems based on behavioral biometrics have gained attention. Traditional CA models leverage user\u2013device interactions, such as mouse movements, typing dynamics, and speech recognition. This paper introduces a novel approach that utilizes system performance counters\u2014attributes such as memory usage, CPU load, and network activity\u2014collected passively by operating systems (OSs), to develop a robust and low\u2010intrusive authentication mechanism. Our method employs a deep network architecture combining convolutional neural networks (CNNs) with long short\u2010term memory (LSTM) layers to analyze temporal patterns and identify unique user behaviors. Unlike traditional methods, performance counters capture subtle system\u2010level usage patterns that are harder to mimic, enhancing security and resilience to attacks. We integrate a trust model into the CA framework to balance security and usability by avoiding interruptions for genuine users while blocking impostors in real\u2010time. We evaluate our approach using two new datasets, COUNT\u2010SO\u2010I (26 users) and COUNT\u2010SO\u2010II (37 users), collected in real\u2010world scenarios without specific task constraints. Our results demonstrate the feasibility and effectiveness of the proposed method, achieving 99% detection accuracy (ACC) for impostor users within an average of 17.2\u2009s, while maintaining seamless user experiences. These findings highlight the potential of performance counter\u2013based CA systems for practical applications, such as safeguarding sensitive systems in corporate, governmental, and personal environments.<\/jats:p>","DOI":"10.1049\/bme2\/8262252","type":"journal-article","created":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T11:50:26Z","timestamp":1756209026000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A DeepConvLSTM Approach for Continuous Authentication Using Operational System Performance Counters"],"prefix":"10.1049","volume":"2025","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-2218-6648","authenticated-orcid":false,"given":"C\u00e9sar H. G.","family":"Andrade","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1479-1707","authenticated-orcid":false,"given":"Hendrio L. S.","family":"Bragan\u00e7a","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9777-3947","authenticated-orcid":false,"given":"Hor\u00e1cio","family":"Fernandes","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6401-3992","authenticated-orcid":false,"given":"Eduardo","family":"Feitosa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0003-908X","authenticated-orcid":false,"given":"Eduardo","family":"Souto","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"265","published-online":{"date-parts":[[2025,8,26]]},"reference":[{"key":"e_1_2_14_1_2","doi-asserted-by":"publisher","DOI":"10.1504\/IJBM.2019.096574"},{"key":"e_1_2_14_2_2","doi-asserted-by":"crossref","unstructured":"OakR.andKhareM. A Novel Architecture for Continuous Authentication Using Behavioural Biometrics International Conference on Current Trends in Computer Electrical Electronics and Communication (CTCEEC\u201917) 2017 Mysore India IEEE 767\u2013771.","DOI":"10.1109\/CTCEEC.2017.8455040"},{"key":"e_1_2_14_3_2","doi-asserted-by":"crossref","unstructured":"OuchR. Garcia-ZapirainB. andYampolskiyR. Multimodal Biometrie Systems: A Systematic Review IEEE International Symposium on Signal Processing and Information Technology (ISSPIT\u201917) 2017 Bilbao Spain IEEE 439\u2013444.","DOI":"10.1109\/ISSPIT.2017.8388683"},{"key":"e_1_2_14_4_2","first-page":"2347","article-title":"Survey, Applications and Security of Keystroke Dynamics for User Authentication","volume":"6","author":"Sanghi A.","year":"2017","journal-title":"International Journal Of Computer & Mathematical Sciences IJCMS ISSN"},{"key":"e_1_2_14_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.03.005"},{"key":"e_1_2_14_6_2","doi-asserted-by":"crossref","unstructured":"MondalS.andBoursP. Combining Keystroke and Mouse Dynamics for Continuous User Authentication and Identification IEEE International Conference on Identity Security and Behavior Analysis (ISBA\u201916) 2016 Sendai Japan IEEE 1\u20138.","DOI":"10.1109\/ISBA.2016.7477228"},{"key":"e_1_2_14_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2014.12.045"},{"key":"e_1_2_14_8_2","unstructured":"BoursP.andMondalS. Continuous Authentication With Keystroke Dynamics The Norwegian Information Security Conference (NISK\u201909) 2009 Trondheim Norway IEEE 1\u201312."},{"key":"e_1_2_14_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2014.10.018"},{"key":"e_1_2_14_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/TBIOM.2019.2918307"},{"key":"e_1_2_14_11_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-50371-0_7"},{"key":"e_1_2_14_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2022.3173149"},{"key":"e_1_2_14_13_2","doi-asserted-by":"crossref","unstructured":"LiC.andGaudiotJ.-L. Detecting Malicious Attacks Exploiting Hardware Vulnerabilities Using Performance Counters\u201d IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC\u201919) 2019 Milwaukee WI USA IEEE 588\u2013597.","DOI":"10.1109\/COMPSAC.2019.00090"},{"key":"e_1_2_14_14_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0340-2"},{"key":"e_1_2_14_15_2","doi-asserted-by":"crossref","unstructured":"SongY. Ben SalemM. HershkopS. andStolfoS. J. System Level User Behavior Biometrics Using Fisher Features and Gaussian Mixture Models IEEE Security and Privacy Workshops 2013 IEEE 52\u201359.","DOI":"10.1109\/SPW.2013.33"},{"key":"e_1_2_14_16_2","doi-asserted-by":"crossref","unstructured":"ChenA. BrahmaP. andWuD. O. et al.Cross-Layer Personalization as a First-Class Citizen for Situation Awareness and Computer Infrastructure Security Proceedings of the 2016 New Security Paradigms Workshop (NSPW \u201916) 2016 Granby Colorado USA Association for Computing Machinery 23\u201335.","DOI":"10.1145\/3011883.3011888"},{"key":"e_1_2_14_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2016.11.031"},{"key":"e_1_2_14_18_2","volume-title":"The Norwegian Information Security Conference (NISK)","author":"Patrick B.","year":"2009"},{"key":"e_1_2_14_19_2","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/470274"},{"key":"e_1_2_14_20_2","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1061"},{"key":"e_1_2_14_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2658539"},{"key":"e_1_2_14_22_2","doi-asserted-by":"crossref","unstructured":"CiliaD.andInguanezF. Multi-Model Authentication Using Keystroke Dynamics for Smartphones IEEE 8th International Conference on Consumer Electronics (ICCE\u201918-Berlin) 2018 Berlin Germany IEEE 1\u20136.","DOI":"10.1109\/ICCE-Berlin.2018.8576226"},{"key":"e_1_2_14_23_2","doi-asserted-by":"crossref","unstructured":"KaixinW. HongriL. BailingW. ShujieH. andjiaS. A User Authentication and Identification Model Based on Mouse Dynamics Proceedings of the 6th International Conference on Information Engineering (ICIE\u201917) 2017 Dalian Liaoning China Association for Computing Machinery 1\u20136.","DOI":"10.1145\/3078564.3078581"},{"key":"e_1_2_14_24_2","doi-asserted-by":"crossref","unstructured":"GaoL. LianY. andYangH. et al.Continuous Authentication of Mouse Dynamics Based on Decision Level Fusion International Wireless Communications and Mobile Computing (IWCMC) 2020 IEEE 210\u2013214 https:\/\/doi.org\/10.1109\/IWCMC48107.2020.9148499.","DOI":"10.1109\/IWCMC48107.2020.9148499"},{"key":"e_1_2_14_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCA.2010.2052602"},{"key":"e_1_2_14_26_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2012.02.066"},{"key":"e_1_2_14_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.02.020"},{"key":"e_1_2_14_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.03.056"},{"key":"e_1_2_14_29_2","doi-asserted-by":"publisher","DOI":"10.1155\/2013\/408280"},{"key":"e_1_2_14_30_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-97087-1_13"},{"key":"e_1_2_14_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3019467"},{"key":"e_1_2_14_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/3733103"},{"key":"e_1_2_14_33_2","doi-asserted-by":"crossref","unstructured":"VuralE. HuangJ. HouD. andSchuckersS. Shared Research Dataset to Support Development of Keystroke Authentication\u201d IEEE International Joint Conference on Biometrics 2014 Clearwater FL USA IEEE 1\u20138.","DOI":"10.1109\/BTAS.2014.6996259"},{"key":"e_1_2_14_34_2","doi-asserted-by":"crossref","unstructured":"SunY. CekerH. andUpadhyayaS. Shared Keystroke Dataset for Continuous Authentication IEEE International Workshop on Information Forensics and Security (WIFS\u201916) Abu Dhabi United Arab Emirates 2016 IEEE 1\u20136.","DOI":"10.1109\/WIFS.2016.7823894"},{"key":"e_1_2_14_35_2","doi-asserted-by":"crossref","unstructured":"LocklearH. GovindarajanS. andSitovaZ. et al.Continuous Authentication With Cognition-Centric Text Production and Revision Features IEEE International Joint Conference on Biometrics 2014 Clearwater FL USA IEEE 1\u20138.","DOI":"10.1109\/BTAS.2014.6996227"},{"key":"e_1_2_14_36_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2010.08.003"},{"key":"e_1_2_14_37_2","doi-asserted-by":"crossref","unstructured":"MaghsoudiJ.andTappertC. C. A Behavioral Biometrics User Authentication Study Using Motion Data From Android Smartphones European Intelligence and Security Informatics Conference (EISIC\u201916) 2016 Uppsala Sweden IEEE 184\u2013187.","DOI":"10.1109\/EISIC.2016.047"},{"key":"e_1_2_14_38_2","doi-asserted-by":"publisher","DOI":"10.3390\/make4020023"},{"key":"e_1_2_14_39_2","doi-asserted-by":"publisher","DOI":"10.3390\/app11136083"},{"key":"e_1_2_14_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3640311"},{"key":"e_1_2_14_41_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-021-09363-6"},{"key":"e_1_2_14_42_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2022.108544"},{"key":"e_1_2_14_43_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2012.02.001"},{"key":"e_1_2_14_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2013.50"},{"key":"e_1_2_14_45_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103596"},{"key":"e_1_2_14_46_2","doi-asserted-by":"crossref","unstructured":"OttK.andMahapatraR. Continuous Authentication of Embedded Software Proceedings of the 18th IEEE International Conference on Trust Security and Privacy in Computing and Communications\/13th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE) 2019 IEEE 128\u2013135.","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00026"},{"key":"e_1_2_14_47_2","doi-asserted-by":"publisher","DOI":"10.3390\/s16010115"},{"key":"e_1_2_14_48_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.dib.2023.109999"},{"key":"e_1_2_14_49_2","unstructured":"CesarA. HendrioB. andEduardoS. Performance Counter for Biometrics Authentication 2023 https:\/\/figshare.com\/articles\/dataset\/Performance_counter_for_biometrics_authentication\/24461230 https:\/\/doi.org\/10.6084\/m9.figshare.24461230.v3."},{"key":"e_1_2_14_50_2","doi-asserted-by":"crossref","unstructured":"EberzS. RasmussenK. B. LendersV. andMartinovicI. Evaluating Behavioral Biometrics for Continuous Authentication: Challenges and Metrics Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security 2017 Abu Dhabi United Arab Emirates Association for Computing Machinery 386\u2013399.","DOI":"10.1145\/3052973.3053032"},{"key":"e_1_2_14_51_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-bmt.2014.0070"},{"key":"e_1_2_14_52_2","unstructured":"International Organization for Standardization Information Technology\u2014Biometric Performance Testing and Reporting\u2014Part 1: Principles and Framework 2006 ISO\/IEC Standard No. 19795-1:2006https:\/\/www.iso.org\/standard\/41447.html."},{"key":"e_1_2_14_53_2","unstructured":"International Organization for Standardization Information Technology\u2014Biometric Performance Testing and Reporting\u2014Part 2: Testing Methodologies for Technology and Scenario Evaluation 2007 ISO\/IEC Standard No. 19795-2:2007https:\/\/www.iso.org\/standard\/41448.html."},{"key":"e_1_2_14_54_2","unstructured":"FIDO Alliance FIDO Technical Specifications https:\/\/fidoalliance.org\/specifications\/."},{"key":"e_1_2_14_55_2","doi-asserted-by":"crossref","unstructured":"JagadeesanH.andHsiaoM. S. A Novel Approach to Design of User Re-Authentication Systems IEEE 3rd International Conference on Biometrics: Theory Applications and Systems (BTAS) 2009 1\u20136.","DOI":"10.1109\/BTAS.2009.5339075"},{"key":"e_1_2_14_56_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2012.6263955"}],"container-title":["IET Biometrics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/bme2\/8262252","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/full-xml\/10.1049\/bme2\/8262252","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/bme2\/8262252","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,8]],"date-time":"2026-03-08T20:19:41Z","timestamp":1773001181000},"score":1,"resource":{"primary":{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/10.1049\/bme2\/8262252"}},"subtitle":[],"editor":[{"given":"Vincenzo","family":"Conti","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2025,1]]},"references-count":56,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1]]}},"alternative-id":["10.1049\/bme2\/8262252"],"URL":"https:\/\/doi.org\/10.1049\/bme2\/8262252","archive":["Portico"],"relation":{},"ISSN":["2047-4938","2047-4946"],"issn-type":[{"value":"2047-4938","type":"print"},{"value":"2047-4946","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1]]},"assertion":[{"value":"2023-11-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-06-30","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"8262252"}}