Abstract

Today, access control for Web pages relies mostly on identification and authentication. After successful authentication, however, subsequent access may not necessarily be performed by the same user. To separate identity authentication from behavior authentication in open network environments, this paper proposes an access control method based on the analysis of user behavior in Web browsing, as an additional access control mechanism alongside traditional identity authentication. The paper defines user behavior and uses browsing time and navigated path to determine whether behavior is normal, by comparing a value calculated with a proposed algorithm against a threshold, thus modeling user behavior in both temporal and spatial dimensions. The proposed method relies on a database that contains the frequency of previous access to the path by the same user. An experiment shows that the proposed method can detect abnormal behavior while adapting to continuous changes in user behavior, and can thus be used to prevent the theft of user accounts and improve network security.
