Treffer: A Lightweight Behavioral Biometric Framework using Python and Flask for Continuous Authentication in Online Banking

Traditional authentication methods in online banking, such as passwords and OTPs, remain vulnerable to phishing, credential theft, and session hijacking. This thesis proposes a lightweight, behavior-based biometric authentication framework that leverages keystroke dynamics and mouse movement patterns to provide continuous user verification. Developed using Python and Flask, the framework captures real-time behavioral data during user interaction without interrupting the user experience. Collected metrics include typing speed, key pressure intervals, cursor trajectories, and click rhythms, which are processed using machine learning models trained to recognize genuine user behavior. The system integrates seamlessly with existing banking web applications, offering a passive second-factor authentication layer that operates continuously in the background. Flask APIs handle secure communication between client-side scripts and the backend, while session management is enhanced through behavior-driven confidence scoring. By dynamically validating the user's identity throughout the session, the framework mitigates risks associated with mid-session impersonation and unauthorized access. This approach emphasizes privacy, scalability, and ease of deployment, making it a practical solution for modern financial institutions seeking to enhance security without compromising usability. The experimental results demonstrate high accuracy and minimal latency, validating the feasibility of behavior-driven authentication in real-world banking environments