Proaasel: prospect theory based continuous authentication attribute selection model

Abstract

Existing continuous authentication models use a fixed set of attributes and do not consider the application specific requirements and associated vulnerabilities in their selection. Selecting appropriate attributes for continuous authentication is essentially a multi-criteria decision making process. Existing multi-criteria decision making models are less competent in providing a preference for each attribute in a set of possible attributes. In this paper we propose a utility based approach: PROAASEL, prospect theory based continuous authentication attribute selection model. The main assumption of our approach is the associated risks for each attribute are pre-defined in terms of known vulnerabilities. The main advantage of our model is the ability to select the attributes based on application specific risk characterizations. We have evaluated PROAASEL using CVE data from [1]. Furthermore, we compared the selection method with existing MCDM techniques TOPSIS and N-model for plausible application scenarios. The results reveal that PROAASEL is more expressive and offer more reliable selection when the associated risks are fixed.