Access to a variety of Internet of Things networks can be achieved through end-user devices such as smartphones or tablets. However, these devices are susceptible to theft, loss or unauthorized access. Although end-user devices are equipped with different means of authentication such as fingerprint readers, these methods are only employed at the time of access. Hence, an effective authentication mechanism that continuously authenticates users in the background is required in order to detect unauthorized access. A rich set of information can be extracted from end-user devices and utilized in the background to continuously authenticate users without requiring further intervention. As an example, the ability to continuously retrieve application usage profiles and sensor data on such devices strengthens the argument for employing behavioral-based mechanisms for continuous user authentication. This paper, which discusses behavioral-based authentication mechanisms with regard to security and usability, presents a user authentication model based on app access and network generated traffic patterns while accessing apps, utilizing a small amount of information. To validate our model, we use a public real-world dataset collected, in an uncontrolled manner, from real users over a long time period. The presented model can authenticate users with a minimum F-measure of 98%, utilizing both access time patterns and network traffic patterns. Overall, the results are promising, and the achieved high degree of accuracy proves the effectiveness and usability of the proposed model.

可以通过智能手机或平板电脑等最终用户设备来访问各种物联网网络。但是，这些设备容易被盗，丢失或未经授权的访问。尽管最终用户设备配备了不同的身份验证手段（例如指纹读取器），但是这些方法仅在访问时使用。因此，为了检测未经授权的访问，需要一种在后台连续验证用户身份的有效验证机制。可以从最终用户设备中提取大量信息，并在后台使用它们来连续认证用户，而无需进一步干预。举个例子，连续检索此类设备上的应用程序使用情况配置文件和传感器数据的能力加强了采用基于行为的机制进行连续用户身份验证的论点。本文讨论了有关安全性和可用性的基于行为的身份验证机制，提出了一种基于身份验证的用户身份验证模型，该模型基于应用程序访问和网络访问流量，同时利用少量信息访问应用程序。为了验证我们的模型，我们使用了公开的真实世界数据集，该数据集是在很长一段时间内以不受控制的方式从真实用户那里收集的。所提出的模型可以利用访问时间模式和网络流量模式，以至少98％的F度量对用户进行身份验证。总体而言，结果令人鼓舞，