Soft Computing

, Volume 22, Issue 12, pp 3959–3981 | Cite as

A fuzzy decision support system for multifactor authentication

  • Arunava RoyEmail author
  • Dipankar Dasgupta
Methodologies and Application


Multifactor authentication (MFA) is a growing trend for the accurate identification of the legitimate users through different modalities such as biometrics, nonbiometric, and cognitive behavior metric. In this paper, we have developed an adaptive MFA that considers the effects of different user devices, media, environments, and the frequency of authentication to detect the legitimate user. For this purpose, initially, we have evaluated the trustworthiness values of all the authentication modalities in different user devices and media using a nonlinear programming problem with probabilistic constraints. Finally, an evolutionary strategy, using fuzzy “IF–THEN” rule and genetic algorithm has been developed for the adaptive selection of authentication modalities. We have done a numerical simulation to prove the effectiveness and efficiency of the proposed method. Moreover, we have developed a prototype client–server-based application and have done a detailed user study to justify its better usability than the existing counterparts.


Multifactor authentication (MFA) Authentication modalities Active authentication Fuzzy decision support system Genetic algorithm Optimal selection strategy 



The authors are also thankful to The University of Memphis, TN, USA and the National University of Singapore (NUS) for providing all the necessary supports to continue this research work. The authors are also thankful to the extremely learned reviewers for their valuable suggestions for the improvement of the paper.

Compliance with ethical standards

Conflict of interest

Author Dr. Arunava Roy declares that he has no conflict of interest. Author Prof. Dipankar Dasgupta declares that he has no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


  1. Abramson M, Aha DW (2013) User authentication from web browsing behavior. FLAIRS conferenceGoogle Scholar
  2. Active Authentication, DARPA (2016)
  3. Brennan M, Afroz S, Greenstadt R (2012) Adversarial stylometry: circumventing authorship recognition to preserve privacy and anonymity. ACM Trans Inf Syst Secur (TISSEC) 15(3):12–22CrossRefGoogle Scholar
  4. Chatterjee S, Roy A (2014) Novel algorithms for web software fault prediction. Qual Reliab Eng Int (QREI). doi: 10.1002/qre.1687
  5. Chatterjee S, Roy A (2014b) Web software fault prediction under fuzzy environment using MODULO-M multivariate overlapping fuzzy clustering algorithm and newly proposed revised prediction algorithm. Appl Soft Comput 22:372–396CrossRefGoogle Scholar
  6. Chatterjee S, Singh JB, Roy A (2015) A structure-based software reliability allocation using fuzzy analytic hierarchy process. Int J Syst Sci 46(3):513–525MathSciNetCrossRefzbMATHGoogle Scholar
  7. Dasgupta D (1999) Artificial immune systems and their applications. Springer, BerlinCrossRefzbMATHGoogle Scholar
  8. Dasgupta D, McGregor DR (1993) sGA: A structured genetic algorithm. Department of Computer Science, University of Strathclyde, GlasgowGoogle Scholar
  9. Dasgupta D, Roy A, Nag A (2016) Toward the design of adaptive selection strategies for multi-factor authentication. Comput Secur. doi: 10.1016/j.cose.2016.09.0004
  10. Davis L (1991) Handbook of genetic algorithms. Van Nostrand Reinhold, New YorkGoogle Scholar
  11. Deb K, Pratap A, Agarwal S, Meyarivan TAMT (2002) A fast and elitist multi-objective genetic algorithm: NSGA-II. IEEE Trans Evol Comput 6:182–197CrossRefGoogle Scholar
  12. Deutschmann I, Lindholm J (2013) Behavioral biometrics for DARPA’s active authentication program. International conference of the biometrics special interest group (BIOSIG). IEEE, pp 1–8Google Scholar
  13. Duc NM, Minh BQ (2009) Your face is NOT your password Face Authentication By—Passing Lenovo–Asus–Toshiba. Black Hat BriefingsGoogle Scholar
  14. Feng J, Jain AK (2011) Fingerprint reconstruction: from minutiae to phase. IEEE Trans Pattern Anal Mach Intell 33(2):209–223CrossRefGoogle Scholar
  15. Gomez J, Dasgupta D, Gonzalez F (2003a) Detecting cyber attackswith fuzzy data mining techniques. In: Proceedings of the third SIAMinternational conference on data mining, pp 1–4Google Scholar
  16. Gomez J, Dasgupta D, Nasraoui O, Gonzalez F (2003b) Complete expression trees for evolving fuzzy classifier systems with genetic algorithms and application to network intrusion detection . In: Proceedings of the North American fuzzy information processing society (NAFIPS), pp 469–474Google Scholar
  17. Gomez J, Gonzalez F, Dasgupta D (2003c) An immune-fuzzy approach to anomaly detection. In: Proceedings of the twelfth IEEE international conference on fuzzy systems (FUZZIEEE), pp 1219–1224Google Scholar
  18. González F, Gómez J, Kaniganti M, Dasgupta D (2003) An evolutionary approach to generate fuzzy anomaly signatures. In: Proceedings of the fourth annual ieee information assurance workshop. West Point, New York, pp 251–259Google Scholar
  19. Guidorizzi RP (2003) Security: active authentication. IT Prof 15:4–7CrossRefGoogle Scholar
  20. Guntti D, Picardi C (2005) Keystroke analysis of free text. ACM Trans Inf Syst Secur 8:312–347CrossRefGoogle Scholar
  21. Hwang S, Lee H, Cho S (2006) Improving authentication accuracy of unfamiliar passwords with pauses and cues for keystroke dynamics-based authentication. In: Chen H, Wang FY, Yang CC, Zeng D, Chau M, Chang K (eds) Intelligence and security informatics. Lecture Notes in Computer Science, vol 3917. Springer, Berlin, Heidelberg, pp 73–78Google Scholar
  22. Jain AK, Feng J, Nandakumar K (2010) Fingerprint matching. Computer 43:36–44CrossRefGoogle Scholar
  23. Jain AK, Hong L, Pankanti S, Bolle R (1997) An identity authentication system using fingerprints. Proc. IEEE 85(9):1365–1388CrossRefGoogle Scholar
  24. Kang H, Slezak D (2010) Security technology. Disaster recovery and business continuity. Springer, BerlinGoogle Scholar
  25. Kang J, Nyang D, Lee K (2014) Two-factor face authentication using matrix permutation transformation and a user password. Inf Sci 269:1–20MathSciNetCrossRefGoogle Scholar
  26. Kaufmann A (1975) Introduction to the theory of fuzzy subsets. Academic Press, LondonzbMATHGoogle Scholar
  27. Lin IC, Chang CC (2009) A countable and time-bound password-based user authentication scheme for the applications of electronic commerce. Inf Sci 179:1269–1277MathSciNetCrossRefzbMATHGoogle Scholar
  28. Locklear H, Sitova Z, Govindarajan S, Goodkind A, Brizan DG, Gasti P (2014) Continuous authentication with cognition-centric text production and revision features. Presented at the international joint conference on biometrics (IJCB), ClearwaterGoogle Scholar
  29. Lucas B, Kanade T (1981) An integrative image registration technique with an application in stereo vision. In: Proceedings of the 7th international joint conference on artificial intelligence, pp 674–679Google Scholar
  30. Luenberger DG, Ye Y (2008) Linear and nonlinear programming. Springer, StanfordzbMATHGoogle Scholar
  31. Mamdani EH (1977) Application of fuzzy logic to approximate reasoning using linguistic synthesis. IEEE Trans Comput C–26:1182–1191CrossRefzbMATHGoogle Scholar
  32. Melanie M (1999) An introduction to genetic algorithms. MIT Press, CambridgezbMATHGoogle Scholar
  33. Nag A, Roy A, Dasgupta D (2015) An adaptive approach towards the selection of multi-factor authentication. In: 2015 IEEE symposium series on computational intelligence, pp 463–472Google Scholar
  34. Parziale G, Chen Y (2009) Advanced technologies for touchless fingerprint recognition. In: Tistarelli M, Li SZ, Chellappa R (eds) Handbook of Remote Biometrics, ser. Advances in Pattern Recognition, Springer, London, pp 83–109CrossRefGoogle Scholar
  35. Patel VM, Yeh T, Fathy ME, Zhang Y, Chen Y, Chellappa R, Davis L (2013) Screen fingerprints: a novel modality for active authentication. IT Prof 15(4):38–42CrossRefGoogle Scholar
  36. Primo A, Phoha VV, Kumar R, Serwadda A (2014) Context-aware active authentication using smartphone accelerometer measurements. In: IEEE conference on computer vision and pattern recognition (CVPR) workshopsGoogle Scholar
  37. Razzaq A, Latif K, Ahmad HF, Hur A, Anwar Z, Bloodsworth PC (2014) Semantic security against web application attacks. Inf Sci 254:19–38CrossRefGoogle Scholar
  38. Ross TJ (2010) Fuzzy logic and engineering applications. Wiley, New DelhiCrossRefGoogle Scholar
  39. Roy A (2015) A novel multivariate fuzzy time series based forecasting algorithm incorporating the effect of clustering on prediction. Soft Comput. doi: 10.1007/s00500-015-1619-3
  40. Serwadda A, Wang Z, Koch P, Govindarajan S, Pokala R, Goodkind A (2013) Scan-based evaluation of continuous keystroke authentication systems. IEEE IT Prof 15:20–23CrossRefGoogle Scholar
  41. Stewart JC, Monaco JV, Cha SH, Tappert CC (2011) An investigation of keystroke and Stylometry traits for authenticating online test takers. In: International joint conference on biometrics (IJCB). IEEE, pp 1–7Google Scholar
  42. Tanaka K (1996) An introduction to fuzzy logic for practical applications. Springer, BerlinzbMATHGoogle Scholar
  43. Tian Y, Kanade T, Cohn J (2000) Robust lip tracking by combining shape, color, and motion. In: Proceedings of ACCV’2000, pp 1040–1045Google Scholar
  44. Tian YL, Kanade T, Cohn JF (2001)Recognizing facial actions by combining geometric features and regional appearance patterns. Robotics Institute, Carnegie Mellon University, Pittsburgh, PA 15213, CMU-RI-TR-01-01, CMUGoogle Scholar
  45. Vielhauer C (2006) Biometric user authentication for IT security. Springer, BerlinGoogle Scholar
  46. Zadeh LA (1975) The concept of linguistic variable and its application to approximate reasoning, parts 1–3. Inform Sci 8(3):199–249, 301–357, 9:43–80Google Scholar
  47. Zi J, Dasgupta D (2009) V-detector: an efficient negative selection algorithm with “probably adequate” detector coverage. Inf Sci 179:1390–1406CrossRefGoogle Scholar
  48. Zimmermann HJ (1996) Fuzzy set theory and its applications. Allied, New DelhiCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of MemphisMemphisUSA
  2. 2.Department of Industrial and Systems EngineeringNational University of SingaporeSingaporeSingapore

Personalised recommendations