Trust Evaluation for Web Applications based on Behavioral Analysis

  • Luiz Fernando Rust C. Carmo
  • Breno G. de Oliveira
  • Augusto C. Braga
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 232)


This paper deals with the joint use of a trust evaluation approach and access control mechanisms to improve security in Web usage. Trust evaluation is achieved by means of both behavioral evaluation and credentials exchange, in such a way that transitions among different access policies are automatically fired whenever a user's behavior is validated. Behavioral analysis uses machine-learning techniques to gain knowledge about users' navigation tracks, creating a user signature to be compared with the current behavior of the respective user. This mechanism is validated through experimental evaluation.


Keywords: Access Control, Behavioral Analysis, Trust Evaluation, Trust Level, Access Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Luiz Fernando Rust C. Carmo (1)
  • Breno G. de Oliveira (1)
  • Augusto C. Braga (1)
  1. Computer Center (NCE), Federal University of Rio de Janeiro (UFRJ), Rio de Janeiro, Brasil
