The BehavioSec solution consists of two parts:
- User device The user device collects behavioral data and passes this on to the BehavioSec service, via nevisDetect. The collection of the data is done by the BehavioSec SDK, which therefore needs to be integrated into the client application. For more information, see the BehavioSec Developer Portal.
- BehavioSec service The BehavioSec service builds a user profile out of the data from the user device. When it has collected enough data, the BehavioSec service assigns various scores to a HTTP request. These scores have values within the range of 0.0 to 1.0. They are "similarity" scores: The higher the score, the more the HTTP request matches the trained user profile. The BehavioSec plug-in converts the BehavioSec similarity scores into nevisDetect risk scores: risk-scorenevisDetect = (1 - similarity-scoreBehaviosSec )
Which data BehavioSec collects, depends on the type of application:
- In case of a web application, the collected data is related to the mouse movement and the typing of the user.
- In case of a mobile application, BehavioSec collects additional data from the device's gyroscope and accelerometer.
The BehavioSec plug-in delivers three different kinds of risk scores:
- The BehavioSecTransaction risk score is based on the behavioral data of the actual HTTP request.
- The BehavioSecSession risk score is based on the behavioral data of all HTTP requests in the current session.
- The BehavioSecRisk risk score is an aggregation of the BehavioSecTransaction and BehavioSecSession risk score, taking into account additional, non-behavioral data (available with BehavioSec v4.3 or above).
For more details, visit the BehavioSec Homepage.