Time-Lapse Detection for Evolution of Trustworthy Network User Operation Behavior Using Bayesian Network

摘要

In the environment of human-computer interaction of information systems, people are paying more attention to user identity authentication based on operation behaviors. Behavior science research shows that each user has a his/her own behavioral pattern that reflects the unique habits, and maintains stability over a period. As known, most of the previous research have explored the user's behavior using static authentication models. However, the user's behavior is evolutionary, even the same user will develop different behavioral tendencies under various times and conditions (job position change or promotion, business content change, increase in age, etc.), causing the difficulty of user authentication under the evolution of user's behavior. This paper proposes a method named time-lapse detection attempting to establish the authentication model based on the evolution of user's behavior. We obtained the log data of several years period of the information system of a publishing house. Firstly, we extracted the data of employees' early operation behaviors and the Bayesian network is used to identify a detection model. Next, the behavior data are divided into multiple test sets according to the time series, and multiple authentication models are carried out to observe the change of authentication accuracy over time. The result shows that, for employees with stable positions and business content, the characteristics of their behavior patterns will change when the number of interactions increases. Moreover, the consequences of the initial detection model fluctuate to different degrees, reducing the accuracy of authentication. Therefore, in future we need to grasp the rules of user behavior and continue to optimize the existing authentication methods of information systems.