A Trust-Aware Authentication Framework for Preventing Account Takeover Attacks in E-Commerce Platforms

Authors

  • Yesha Patel, Senior Solution Architect, IBM

Keywords:

Artificial Intelligence (AI), E-Commerce Security, Account Takeover Attacks (ATO), Trust-Aware Authentication, Behavioral Biometrics, Anomaly Detection

Abstract

The rapid expansion of e-commerce platforms has transformed the global digital economy, enabling convenient online transactions for millions of users. However, this growth has also increased exposure to cybersecurity threats, particularly Account Takeover (ATO) attacks, where malicious actors gain unauthorized access to legitimate user accounts. These attacks commonly exploit compromised credentials, phishing campaigns, and automated credential stuffing techniques, leading to financial loss, privacy breaches, and erosion of user trust in digital commerce systems. Traditional authentication mechanisms, especially password-based systems, are increasingly inadequate in defending against these evolving threats. This study proposes a Trust-Aware Authentication Framework designed to prevent account takeover attacks in e-commerce platforms by integrating artificial intelligence, behavioral analytics, and contextual risk evaluation. The proposed framework analyzes multiple authentication factors, including user behavioral patterns, device attributes, login location, and temporal activity patterns. A dynamic trust score is computed by combining behavioral similarity metrics, contextual reliability indicators, and anomaly detection outputs generated by machine learning models. Based on the computed trust score, the system employs an adaptive authentication strategy that allows seamless access for legitimate users while triggering additional verification procedures for suspicious login attempts. To evaluate the effectiveness of the proposed framework, multiple machine learning algorithms, including Isolation Forest, Random Forest, and Neural Networks, were implemented for anomaly detection. Experimental results demonstrate that the proposed framework significantly improves the detection rate of suspicious login activities compared with conventional authentication approaches such as password-based and multi-factor authentication systems. 
The results further indicate that integrating behavioral biometrics and contextual intelligence enhances the accuracy of identifying malicious login attempts while maintaining a user-friendly authentication process. The findings of this research highlight the potential of AI-driven authentication systems to strengthen cybersecurity in e-commerce environments. The proposed trust-aware framework provides a scalable and adaptive solution capable of mitigating account takeover attacks while preserving usability and trust in online commerce platforms.
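
The trust-score and adaptive-authentication flow described in the abstract, sketched as an added example that is not code from the paper. The weights, the threshold, the feature set, the sample data and the z-score detector (a stand-in for the paper's Isolation Forest, Random Forest and Neural Network models) are all assumptions, since the abstract does not publish them.

```python
from dataclasses import dataclass

# Assumed weights and threshold: the abstract does not publish the paper's values.
WEIGHTS = {"behavior": 0.4, "context": 0.3, "anomaly": 0.3}
ALLOW_AT = 0.8

@dataclass
class Profile:                 # per-account baseline built from past sessions
    typing_ms: list            # mean inter-key intervals for a fixed phrase
    devices: set
    countries: set
    usual_hours: range
    fails_mean: float          # failed logins per hour
    fails_std: float

@dataclass
class Login:
    typing_ms: list
    device: str
    country: str
    hour: int
    recent_fails: int

def behavioral_similarity(p, l):
    """1 minus the mean relative deviation from the baseline, clamped to [0, 1]."""
    if not p.typing_ms or len(l.typing_ms) != len(p.typing_ms):
        return 0.0             # no comparable sample: contribute no trust
    dev = sum(abs(a - b) / a for a, b in zip(p.typing_ms, l.typing_ms))
    return max(0.0, 1.0 - dev / len(p.typing_ms))

def contextual_reliability(p, l):
    """Share of context signals (device, location, time) that match history."""
    hits = [l.device in p.devices, l.country in p.countries, l.hour in p.usual_hours]
    return sum(hits) / len(hits)

def anomaly_score(p, l):
    """z-score of recent failures scaled to [0, 1]; stand-in for the ML detector."""
    z = (l.recent_fails - p.fails_mean) / max(p.fails_std, 1e-9)
    return min(1.0, max(0.0, z) / 4.0)

def authenticate(p, l):
    """Combine the three signals into a trust score and pick the auth path."""
    trust = (WEIGHTS["behavior"] * behavioral_similarity(p, l)
             + WEIGHTS["context"] * contextual_reliability(p, l)
             + WEIGHTS["anomaly"] * (1.0 - anomaly_score(p, l)))
    return ("allow" if trust >= ALLOW_AT else "step_up"), round(trust, 3)

# Constructed sample data, not from the paper.
PROFILE = Profile([120, 95, 140, 110], {"dev-a1"}, {"US"}, range(7, 23), 0.2, 0.5)
USUAL = Login([118, 99, 133, 112], "dev-a1", "US", 20, 0)
TRAVEL = Login([118, 99, 133, 112], "dev-b7", "DE", 20, 0)
STUFFING = Login([60, 60, 61, 60], "dev-zz", "ZZ", 3, 6)
```

The `TRAVEL` case shows the usability cost the framework has to manage: matching typing behaviour on an unseen device and location still falls below the assumed threshold and triggers additional verification.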



Published

01-01-2025

How to Cite

[1]
Yesha Patel, “A Trust-Aware Authentication Framework for Preventing Account Takeover Attacks in E-Commerce Platforms”, Newark J. Hum. Centric AI Robot Inter., vol. 5, pp. 287–320, Jan. 2025, Accessed: Mar. 21, 2026. [Online]. Available: https://njhcair.org/index.php/publication/article/view/89