Correlating cognitive biometrics for continuous identify verification

What is claimed is: 1 . A method for continuous user authentication through real-time fusion and correlation of multiple factors, the method comprising: continuously obtaining monitored data from a computer, the monitored data being related to user actions on the computer of a user; analyzing, by a server, the monitored data of the computer to execute at least one of a windowing system event sequences modality, a network footprint modality, an application specific user actions modality, and a forensic linguistic analysis modality for the user; and authenticating the user on the computer based on a combination of the at least one of the windowing system event sequences modality, the network footprint modality, the application specific user actions modality, and the forensic linguistic analysis modality. 2 . The method of claim 1 , wherein the windowing system event sequences modality is configured to authenticate the user based on user operations in a windowing system based operating system on the computer. 3 . The method of claim 2 , wherein the windowing system event sequences modality is configured to categorize behavior of the user in the windowing system based operating system on the computer; and wherein categorizing the behavior of the user includes determining at least one of content selection strategies, determining application and desktop navigation strategies, determining text editing strategies, and determining context sensitive pop-up menus strategies. 4 . The method of claim 2 , wherein to authenticate the user, the windowing system event sequence modality applies factors, the factors include window manipulation which is how the user manipulates windowing system on the computer, menu access which is how the user accesses menus on the computer, and application launch sequence which is a sequence of operations performed by the user to launch an application on the computer. 5 . The method of claim 1 , wherein the network footprint modality is configured to monitor network activities on the computer to build a network fingerprint of user interactions with other entities on a communications network; and wherein the other entities include servers and computers. 6 . The method claim 5 , wherein the network activities include at least one of web browsing, email, file transfer, and remote desktop. 7 . The method of claim 1 , wherein, in order to generate a trained model, the application specific user actions modality is configured to measure what actions the user performs in a particular application and measure how the user invokes each command to perform the actions in the particular application; wherein the application specific user actions modality subsequently measures what actions the user performs in the particular application and measures how the user invokes each command to perform the actions in the particular application in order to generate a new model for subsequent measurements; and wherein the application specific user actions modality is configured to authenticate the user by determining that the new model deviates from the trained model by less than a predefined amount. 8 . The method of claim 7 , wherein the application specific user actions modality factors in a role, a task, and an expertise of the user. 9 . The method of claim 1 , wherein, in order to determine a previous score for the forensic linguistic analysis modality, the forensic linguistic analysis modality is configured to combine at least one of linguistic features, stylometric features, topical features, behavioral features, and contextual features all performed by the user; wherein the forensic linguistic analysis modality determines a new score by subsequently combining at least one of the linguistic features, the stylometric features, the topical features, the behavioral features, and the contextual features; and wherein the forensic linguistic analysis modality is configured to authenticate the user by determining that the new score deviates from the previous score by less than a predefined amount. 10 . The method of claim 9 , wherein the linguistic features comprise at least one of character n-gram statistics, phrase structure, usage of suffixes and prefixes, sequence of parts-of-speech in sentences, sentential complexity, grammatical errors, and syntactic parse tree; wherein the stylometric features comprise at least one of usage of function words, high frequency words and phrases, dialect, and sentence and paragraph lengths; wherein the topical features comprise at least one of keywords and phrases, named entities including person name and location name, and abbreviations; wherein the behavioral features comprise at least one of how the user uses keyboard, short-cut keys, keystroke patterns, and patterns of errors including spelling errors and punctuation errors, and a manner in which the user corrects the errors; and wherein the contextual features comprise at least one of applications including email client, instant messaging, text editor, and web browser, relationship with recipients of email, number of the recipients, and day and time of email creation. 11 . A computer program product for continuous user authentication through real-time fusion and correlation of multiple factors, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a server to cause the server to perform a method comprising: continuously obtaining monitored data from a computer, the monitored data being related to user actions on the computer of a user; analyzing, by the server, the monitored data of the computer to execute at least one of a windowing system event sequences modality, a network footprint modality, an application specific user actions modality, and a forensic linguistic analysis modality for the user; and authenticating the user on the computer based on a combination of at least one of the windowing system event sequences modality, the network footprint modality, the application specific user actions modality, and the forensic linguistic analysis modality. 12 . The computer program product of claim 11 , wherein the windowing system event sequences modality is configured to authenticate the user based on user operations in a windowing system based operating system on the computer. 13 . The computer program product of claim 12 , wherein the windowing system event sequences modality is configured to categorize behavior of the user in the windowing system based operating system on the computer; and wherein categorizing the behavior of the user includes determining at least one of content selection strategies, determining application and desktop navigation strategies, determining text editing strategies, and determining context sensitive pop-up menus strategies. 14 . The computer program product of claim 12 , wherein to authenticate the user, the windowing system event sequence modality applies factors, the factors include window manipulation which is how the user manipulates the windowing system on the computer, menu access which is how the user accesses menus on the computer, and application launch sequence which is a sequence of operations performed by the user to launch an application on the computer. 15 . The computer program product of claim 11 , wherein the network footprint modality is configured to monitor network activities on the computer to build a network fingerprint of user interactions with other entities on a communications network; and wherein the other entities include servers an