ADVANCED REVIEW Continuous authentication using biometrics: An advanced review Gabriel Dahia | Leone Jesus | Maurício Pamplona Segundo Department of Computer Science, Universidade Federal da Bahia, Brazil Correspondence Maurício Pamplona Segundo, Department of Computer Science, Universidade Federal da Bahia, Salvador, Brazil. Email: mauriciops@ufba.br Abstract The shortcomings of conventional access control systems for high-security environments have led to the concert of continuous authentication. Contrary to traditional verification, in which users are authenticated only once at the start of their session, continuous authentication systems regularly check users' identities to prevent hijackings. The challenges in this area involve balancing the security of protected assets by quickly detecting intruders with the system usability for genuine users. Biometric recognition plays a major role within this context, as it is the main way to assure that users are who they claim to be. A comparative analysis of the latest works revealed different aspects of this problem. First, some biometrics traits among those applied for continuous authentication are more suitable for this task than others. Second, systems combining multiple traits have advantages over those relying on a single one. Finally, many works fail to report proper evaluation metrics. With this in mind, we were able to identify new opportunities for researchers in the field. We highlight the potential for mining new datasets on the internet, which would benefit validation and benchmarking, and how recent deep learning techniques could address some of the open challenges in the area. This article is categorized under: Technologies > Prediction Technologies > Machine Learning Application Areas > Science and Technology KEYWORDS Access control, biometric recognition, continuous authentication 1 | INTRODUCTION The protection of different resources, such as valuable assets, facilities or information, against malevolent acts (e.g., theft, sabotage, vandalism) is an old human concern that led to the creation and development of access control methods. Access control consists of recognizing authorized users—people that meet the necessary conditions to manage or use a resource—and defining what resources a user is allowed to use (Sandhu & Samarati, 1994). The research community has proposed using biometric recognition, or biometrics, to improve the security in access control systems. This is because previous authentication methods, like passwords, keys, and cards, are much easier to circumvent. Besides the possibility of losing or forgetting authentication forms based on knowledge or objects, they can Received: 30 September 2019 Revised: 10 January 2020 Accepted: 22 February 2020 DOI: 10.1002/widm.1365 WIREs Data Mining Knowl Discov. 2020;e1365. wires.wiley.com/dmkd © 2020 Wiley Periodicals, Inc. 1 of 23 https://doi.org/10.1002/widm.1365