SENTRY: A Conceptual Review of Behavioral and Cognitive Biometric Authentication

Abstract

Continuous user authentication is essential in modern digital systems to prevent session hijacking, identity misuse, and insider attacks. Conventional authentication mechanisms rely on one-time verification and fail to ensure security throughout an active session. To address this limitation, behavioral and cognitive biometrics offer a non-intrusive and adaptive approach to user authentication. This project presents a conceptual study of SENTRY, an adaptive behavioral– cognitive authentication framework designed for continuous user verification. The proposed system monitors user interaction patterns such as keystroke and mouse dynamics and integrates cognitive responses obtained through adaptive micro-challenges. Machine learning techniques are employed to model user behavior and detect anomalies, while a dynamic risk scoring mechanism enables real-time authentication decisions. The framework emphasizes usability, privacy awareness, and scalability, providing a robust foundation for secure and continuous authentication in modern computing environments.

Introduction

The text discusses the growing limitations of traditional authentication methods (like passwords and one-time verification), which fail to provide security after login, leaving systems vulnerable to threats such as identity theft and session hijacking. To address this, it introduces continuous authentication using behavioral biometrics (e.g., keystroke dynamics and mouse movements), though these can be unreliable due to behavioral variability.

To improve reliability, the proposed SENTRY framework integrates both behavioral and cognitive biometrics (such as reaction time and error correction). It combines continuous monitoring, adaptive micro-challenges, and machine learning–based risk scoring to enhance security while maintaining usability.

The literature review highlights that:

• Keystroke dynamics and behavioral biometrics are effective and non-intrusive.

• Machine learning improves user identification accuracy.

• Free-text input increases usability.

• Challenges like behavioral drift and privacy concerns remain.

• Existing systems lack a unified framework combining behavioral, cognitive, adaptive, and risk-based approaches.

The proposed system architecture includes:

1. Behavioral Data Capture – continuously collects user interaction data.

2. Cognitive Assessment & Risk Engine – evaluates cognitive responses and computes risk scores.

3. Authentication Management – makes access decisions based on risk levels.

The working methodology involves continuous data collection, feature extraction, cognitive testing via micro-challenges, machine learning analysis, dynamic risk scoring, and adaptive authentication decisions. It also includes audit logging and profile updates.

References

[1] P. Kasprowski, Z. Borowska, and K. Harezlak, \"Biometric Identification Based on Keystroke Dynamics,\" Sensors, vol. 22, no. 12, pp. 1–15, 2022. [2] S. Gupta, \"User Attribution in Digital Forensics through Modeling Keystroke and Mouse Usage Data Using XGBoost,\" International Journal of Computer Applications, vol. 184, no. 3, pp. 1–10, 2022. [3] J. Li, H.-C. Chang, and M. Stamp, \"Free-Text Keystroke Dynamics for User Authentication,\" IEEE Transactions on Information Forensics and Security, vol. 16, pp. 451–464, 2021. [4] N. Sae-Bae and N. Memon, \"Distinguishability of Keystroke Dynamic Template,\" IEEE Transactions on Biometrics, Behavior, and Identity Science, vol. 4, no. 1, pp. 28–40, 2022. [5] A. F. Baig and S. Eskeland, \"A Generic Privacy- Preserving Protocol for Keystroke Dynamics-Based Continuous Authentication,\" Computers & Security, vol. 115, pp. 102–123, 2022.

Copyright

Copyright © 2026 Fathimatul Sharafa, Mashrifa , Gopika V, Agraj M, Ms. Anagha M. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.