Using relevance of intrusions to reduce false positives in anomaly detection
To address the high false positive rate of anomaly detection, an algorithm is proposed to reduce false positives. The algorithm is based on the characteristic that an intrusion must rely on a variety of mutually related acts to complete. When a user's abnormal behavior is not enough to confirm an intrusion, the algorithm avoids raising a false positive by analyzing whether, within a period of time, the user performs acts that relate to a possible follow-up step of the intrusion, and from this comprehensively infers whether the user is an intruder, thereby reducing false positives.
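A sketch of the idea in the abstract, added here as an illustration and not the paper's algorithm: an anomaly is held as pending and becomes an alert only if the same user performs a related follow-up act within a time window. The relevance table, act names, window length and sample events are all assumptions constructed for this example.

```python
from collections import defaultdict, deque

# Assumed relevance table (hypothetical): anomalous act -> follow-up acts that
# would plausibly continue an intrusion begun by that act.
RELATED = {
    "failed_login_burst": {"priv_escalation", "passwd_file_read"},
    "unusual_hour_login": {"bulk_file_copy", "priv_escalation"},
    "priv_escalation": {"log_tamper", "bulk_file_copy"},
}
WINDOW = 600  # seconds; assumed correlation window

# Constructed sample input: (timestamp, user, act, flagged_anomalous)
SAMPLE = [
    (0, "alice", "unusual_hour_login", True),   # isolated anomaly
    (100, "bob", "failed_login_burst", True),
    (130, "alice", "read_mail", False),         # unrelated act
    (250, "bob", "passwd_file_read", False),    # related follow-up in window
    (900, "alice", "bulk_file_copy", False),    # related, but window expired
    (1000, "carol", "priv_escalation", True),
    (1200, "carol", "log_tamper", True),        # related follow-up in window
]


def correlate(events, window=WINDOW, related=RELATED):
    """Return (ts, user, earlier_anomaly, follow_up_act) for confirmed cases.

    events must be ordered by timestamp. An anomaly with no related
    follow-up inside the window expires without raising an alert.
    """
    pending = defaultdict(deque)  # user -> (ts, act) anomalies awaiting follow-up
    alerts = []
    for ts, user, act, anomalous in events:
        queue = pending[user]
        # Drop pending anomalies that are older than the window.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        # Confirm the oldest pending anomaly that this act follows up on.
        for _, earlier in queue:
            if act in related.get(earlier, ()):
                alerts.append((ts, user, earlier, act))
                break
        if anomalous:
            queue.append((ts, act))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

In this sketch the follow-up act does not itself have to be flagged as anomalous; whether the paper requires that is not stated in the abstract.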