论文信息 - An anomaly detection model of user behavior based on similarity clustering

An anomaly detection model of user behavior based on similarity clustering

The ability to automatically detect anomaly user behavior to enhance system reliability is important for the system administrator. To achieve this objective, an anomaly user behavior detection model based on similarity clustering has been presented in this paper. The model consists of four components: data log collector, data log analyzer, profile storage and behavior detector. The data log collector is responsible of collecting the audit log of the system, and the data log analyzer executes a similarity clustering algorithm on the logs to establish the normal user behavior profile, which is stored in the profile storage. The behavior detector calculates the distance between the observing user behavior with the profile to determine whether the observing user behavior is anomaly. The algorithms of establishing profile and anomaly detection are also discussed in detail in the paper.

[1] Shikha Agrawal,et al. Survey on Anomaly Detection using Data Mining Techniques , 2015, KES.

[2] VARUN CHANDOLA,et al. Anomaly detection: A survey , 2009, CSUR.

[3] Pavel Berkhin,et al. A Survey of Clustering Data Mining Techniques , 2006, Grouping Multidimensional Data.

[4] Zhenguo Chen,et al. Anomaly Detection Based on Enhanced DBScan Algorithm , 2011 .

[5] Salvatore J. Stolfo,et al. Adaptive Intrusion Detection: A Data Mining Approach , 2000, Artificial Intelligence Review.

[6] Yang Shao-quan,et al. An Intrusion Detection System Based on Support Vector Machine , 2003 .

[7] Gulshan Kumar,et al. Survey on Data Mining Techniques in Intrusion Detection , 2012 .