Skip to main content

Problem Context

Traditional authentication systems rely on point-in-time validation, typically performed during login using passwords, tokens, or multi-factor authentication. Once authenticated, users are implicitly trusted for the duration of the session. This assumption no longer holds in modern enterprise environments where threats such as session hijacking, credential theft, insider misuse, and malware-driven account takeover are increasingly common.

Session-based authentication models are fundamentally reactive. They detect compromise only when credentials are reused or explicitly revoked, leaving a significant window of exposure after initial access is granted. In distributed and cloud-based systems, where sessions can span long durations and multiple services, this risk is further amplified.

Continuous authentication addresses this gap by validating user identity throughout an active session based on behavioral and contextual signals. However, implementing continuous authentication in practice is non-trivial. Single-modality approaches, such as keystroke dynamics or mouse behavior alone, often suffer from limited robustness, sensitivity to noise, and high false-positive rates. User behavior is inherently variable, influenced by context, workload, and environment, making reliance on a single signal unreliable.

Enterprise deployment introduces additional constraints. Continuous authentication systems must operate with low latency to avoid disrupting user experience, respect privacy and regulatory requirements, and scale across large user populations. They must also integrate cleanly with existing identity and access management platforms without introducing operational complexity or instability.

These challenges motivate the need for a multimodal approach that combines multiple behavioral and contextual signals to improve reliability and adaptability. By leveraging deep learning–based feature extraction and fusion, this work explores how continuous authentication can be made both effective and practical for enterprise identity systems.