Article
Peer-Review Record

Smart Chatbot for User Authentication

Electronics 2022, 11(23), 4016; https://doi.org/10.3390/electronics11234016
by Peter Voege *, Iman I. M. Abu Sulayman and Abdelkader Ouda
Submission received: 1 November 2022 / Revised: 16 November 2022 / Accepted: 26 November 2022 / Published: 3 December 2022
(This article belongs to the Special Issue Network and Mobile Systems Security, Privacy and Forensics)

Round 1

Reviewer 1 Report

The article is very interesting and examines a very relevant problem of authentication. Exploiting user behavior is a field that has been studied for a long time, but the detection of anomalous behavior as a way to authenticate a user has been studied relatively recently. Obviously, this method can only be used as one of the additional factors in multifactor authentication systems due to its accuracy limitations. Other very important aspects are the different behavior patterns of different users as well as issues related to privacy protection. These aspects should be discussed in more detail in the work. In the presented version, the authors give the impression that this method can replace passwords. In the literature review, it is not at all clear what the publications [20] and [21] have to do with the ongoing research.

Author Response

Thank you for your feedback, especially with respect to the cited references.  Upon review, references [20] and [21] were not suitable for the paper and have been removed.  More discussion related to user privacy has been added, and it has been made more clear that AIAC is not intended as a replacement for passwords.


Reviewer 2 Report

1. Although the research appears to be genuine, the flow of the paper is difficult to understand because it must be revisited to arrange the sections in accordance with the most recent authentication mechanism technologies.

2. There is no mathematical model with an adequate number of equations, and the provided algorithm lacks a clear explanation.

3. This work has several advantages, one of which is that it makes use of a (Just-in-time human dynamics-based authentication engine. It requires a clear explanation of why a particular mechanism is being used.

4. Given their high level of accuracy, should the aforementioned methods be investigated for any additional key component useful for elaboration?

5. Discuss the significance of using a Smart Chatbot in this study, as well as any limitations discovered.

6. Is it necessary to use a specific anomaly analysis when modelling and simulating the results with the article's tool?

7. It is recommended that you thoroughly investigate the authenticity of this set of BankSim payments simulator for performance metrics.

8. Is it necessary to track whether the selected anomaly was useful in distinguishing between genuine and fraudulent users?

9. Highlight any minor issues that can be fixed, as well as any disadvantages or limitations discovered during the experimentation. What is the proposed work's expanded scope?

At the moment, authors claim that "‘Something you know’ authentication is very convenient and accessible, as the authentication merely requires inputting the information you have stored into your head, which can be done in seconds on almost any authentication medium. - Line No. 30." and "This system, which we call Autonomous Inquiry-based Authentication Chatbot (AIAC), will be a chatbot interacting with the user which continuously generates new questions based off of recent data, such that information used for authentication is quickly rendered useless for exploitation by bad actors, even if they do learn what it is. - Line No. 56"

Below papers have some interesting implications that you could discuss in your introduction part and explain it relating to your work.

Kadiyala Ramana, Rajanikanth Aluvalu, Vinit Kumar Gunjan, Ninni Singh, M. Nageswara Prasadhu, "Multipath Transmission Control Protocol for Live Virtual Machine Migration in the Cloud Environment", Wireless Communications and Mobile Computing, vol. 2022, Article ID 2060875, 14 pages, 2022. https://doi.org/10.1155/2022/2060875

Gunjan, V.K., Prasad, P.S., Pathak, R., Kumar, A. (2020). Machine Learning Methods for Extraction and Classification for Biometric Authentication. In: Kumar, A., Paprzycki, M., Gunjan, V. (eds) ICDSMLA 2019. Lecture Notes in Electrical Engineering, vol 601. Springer, Singapore. https://doi.org/10.1007/978-981-15-1420-3_203

Cherukuri, S., Chenniboyena, R., Yarlagadda, D., Kolluru, V.R., Razia, S. (2022). Development of Raspberry Pibot Surveillance Security System. In: Garcia Diaz, V., Rincón Aponte, G.J. (eds) Confidential Computing. Advanced Technologies and Societal Change. Springer, Singapore. https://doi.org/10.1007/978-981-19-3045-4_9

Prashanthi, T., & Rajesh, T. (2020). Credibility Assessment of Twitter Data using Machine Learning Algorithms. Helix-The Scientific Explorer | Peer Reviewed Bimonthly International Journal, 10(03), 25-29.

Author Response

Thank you for your feedback, especially with respect to the papers you helpfully suggested.  Unfortunately, it does not look like they would be sufficiently relevant for inclusion in the paper, but they were interesting reads nonetheless.  I have redone the section surrounding Algorithm 1 in order to provide a clearer explanation, and added some clarification about the context and role of JitHDA in the project.  The conclusion has also been slightly expanded to contain more information about possible improvements to the project.


To answer a few more of your comments: It is noteworthy that JitHDA is the system AIAC is helping create, rather than something AIAC is making use of.  Accordingly, especially after discussions with the designer of JitHDA, I am confident that AIAC has gained all possible value from its interaction with JitHDA. The BankSim dataset we are using, as well as other applications that have used it, can be found in the Data Availability Statement at the end of the manuscript; if you have any concerns about the validity of the dataset, I hope that this assuages them.  It would be possible, for the anomaly analysis, to use different methods at various stages in the paper.  What we provided are methods that we believe to be ideal for the task, but it is indeed not necessary that they be those exact methods.  Clarification has been added to the paper to this effect.  With respect to tracking anomaly success, there is a meaningful purpose to it: one of the ways AIAC automatically improves its own functionality is by learning how to choose anomalies that make for more useful questions than others.  AIAC can do this without any additional human effort by creating labeled data for itself from the observed results of its own operation. 


Reviewer 3 Report

The manuscript presents a novel authentication mechanism, i.e., a chatbot-based interactive question-answering system, in which the dialogue moves are built upon the users’ anomalous events gathered from recent activities. The proposed approach is well-demonstrated together with empirical evidence in the experimental evaluation. The perspectives of research-rationale and related-work discussion are also qualified. Further, the scientific writing/grammar is satisfied. I suggest author(s) improve two major issues to sharpen the contribution of the research work.

1. The correctness/feasibility of the authentication chatbot is highly relevant to the quality of user information/profile fed to it. The experiment demonstrated in this manuscript just presents a kind of dataset in the real-world context. Please elaborate on the limitation of the solution and the prerequisite/applicability in the different contexts.

 2. The Experiment description (from Line 506) is mixed with the methodology part. Please separate it into another section and describe the experimental design thoroughly, especially the data-gathering mechanism.

Several minor issues:

 1. (Lines 98-101) The statements for the paper structure in the Introduction are not aligned with the sections of the paper.

2. (Line 72) Please capitalize the first letter in each word of ‘JitHDA’.  

3. (Line 78) It’s redundant to state the full name of JitHDA since it’s already mentioned in Line 72.

Author Response

Thank you for your feedback, especially with respect to the cited references.  Truth be told, the paper was already structured with a dedicated Experiments section and I had just forgotten to give it a title.  That, and the other minor flaws you mentioned have all been corrected.  I've also expanded on the applicability of the system to make it more clear what needs to be in place for the system to function as described. 

