Anomaly detection model of user behavior based on principal component analysis

  • Meng Bi
  • Jian Xu
  • Mo Wang
  • Fucai ZhouEmail author
Original Research


A new anomaly detection model which is based on principal component analysis (PCA) is proposed in this paper. Our schema proposes a method to extract the user’s behavior and analyzes the features selected as representative of the user’s access. The PCA method is introduced to the anomaly detection model which adopts its improvements to make it more consistent with anomaly detection system design to describe the user’s behavior more completely and to improve the efficiency and stability of the algorithm. This paper also uses our scheme to the anomaly detection of the database system. Finally, the data sets from the internet are used to test the feasibility of this model. The experimental results show that our model can detect normal and abnormal user behavior precisely and effectively.


Anomaly detection User behavior Principle component analysis 



The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work was supported in part by the Liaoning Province Doctor Startup Fund under Grant NO.20141012, the Liaoning Province Science and Technology Projects under Grant No.2013217004, the Shenyang Province Science and Technology Projects under Grant No.F14-231-1-08, the Fundamental Research Funds for the Central Universities under. Grant No.N130317002.


  1. Bertino E, Kamra A, Terzi E, Vakali A (2005) Intrusion detection in rbac-administered databases. In: ACSAC 2005. IEEE, p 170–179Google Scholar
  2. Castiglione A, Pizzolante R, De Santis A, Carpentieri B, Castiglione A et al (2015) Cloud-based adaptive compression and secure management services for 3d healthcare data. Future Gener Comput Syst 1(43):120–134CrossRefGoogle Scholar
  3. Cui BJ, Liu ZL, Wang LY (2015) Key-aggregate searchable encryption (KASE) for group data sharing via cloud storage. IEEE Trans Comput. doi: 10.1109/TC.2015.2389959 Google Scholar
  4. Eesa AS, Orman Z, Adnan Brifcani AM (2015) A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst Appl 43(5):2670–2679CrossRefGoogle Scholar
  5. Esposito C, Ficco M, Palmieri F, Castiglione A (2013) Interconnecting federated clouds by using publish-subscribe service. Cluster computing 16(4):887–903CrossRefGoogle Scholar
  6. Esposito C, Ficco M, Palmieri F, Castiglione A (2015) Smart cloud storage service selection based on fuzzy logic, theory of evidence and game theory. IEEE Trans Comput. doi: 10.1109/TC.2015.2389952 Google Scholar
  7. Fiore U, Palmieri F, Castiglione A et al (2013) Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122:13–23CrossRefGoogle Scholar
  8. Goyal MK, Aggarwal A, Jain N (2012) Effect of change in rate of genetic algorithm operator on composition of signatures for misuse intrusion detection System. In: PDGC 2012. IEEE p 669–672Google Scholar
  9. Hu Y, Panda B (2004) A data mining approach for database intrusion detection. In:ACM Symposium on Applied Computing. ACM, p 711716Google Scholar
  10. Jonathan G (2015) Constrained principal component analysis and related techniques. J Appl Stat 42(4):209–222Google Scholar
  11. Lee DH, Kim Byunghun K, Kim KJ (2014) PCA in ERP environment using the misuse detection system design and implementation of RBAC permissions [J]. Multimed Tools Appl 73(2):601–615CrossRefGoogle Scholar
  12. Li DJ, Wang Q, Wang C, Cao N, Ren K, Lou WJ (2010) Fuzzy Keyword search over encrypted data in cloud computing. In: INFOCOM 2010. IEEE, p 441–445Google Scholar
  13. Li J, Chen XF, Li MQ, Li JW, Lee P, Lou WJ (2014a) Secure deduplication with efficient and reliable convergent key management. IEEE Trans Parallel Distrib Syst 25(6):1615–1625CrossRefGoogle Scholar
  14. Li J, Huang XY, Li JW, Chen XF, Xiang Y (2014b) Securely outsourcing attribute-based encryption with check ability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210CrossRefGoogle Scholar
  15. Liu ZL, Li JW, Li J, Jia CF (2014) SQL-based fuzzy query mechanism over encrypted databases. Int J Data Warehouse Min 10(4):71–87CrossRefGoogle Scholar
  16. Mathew S, Petropoulos M, Ngo H, Upadhyaya S (2010) A data-centric approach to insider attack detection in database systems. In: RAID 2010. Springer, p 382–401Google Scholar
  17. Meng WZ, Li WJ, Lam-For Kwok (2014) EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput Secur 43:189–204CrossRefGoogle Scholar
  18. Palmieri F, Fiore U, Castiglione A (2014) A distributed approach to network anomaly detection based on independent component analysis. Concurr Comput Pract Exp 26(5):1113–1129CrossRefGoogle Scholar
  19. Spalka A, Lehnhardt J (2005) A comprehensive approach to anomaly detection in relational databases. In: 19th Annual IFIP WG 11.3 Working conference on data and applications security. Springer, p 207–221Google Scholar
  20. Tarek S, Abdulsalam B, Elhadi S (2014) A3ACKs: adaptive three acknowledgments intrusion detection system for MANETs. J Ambient Intell Humaniz Comput 5(4):611–620CrossRefGoogle Scholar
  21. Wu GZ, Osborn SL, Jin X (2009) Database intrusion detection using role profiling with role hierarchy. In: SDM 2009. Springer, p 33–48Google Scholar
  22. Xie M, Hu JK, Guo S (2015) Segment-Based Anomaly Detection with Approximated Sample Covariance Matrix in Wireless Sensor Networks. IEEE Trans Parallel Distrib Syst 26(2):573–584CrossRefGoogle Scholar
  23. Yao QS, An AJ, Huang XJ (2005) Finding and analyzing database user sessions. In: DASFAA 2005. Springer, p 851–862Google Scholar
  24. Yulevich Y, Pyasik A, Gorelik L (2012) Anomaly Detection Algorithms on IBM InfoSphere Streams: Anomaly Detection for Data in Motion. In: ISPA 2012. IEEE, p 301–308Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.Software CollegeNortheastern UniversityShenyangChina
  2. 2.Shenyang University of TechnologyShenyangChina
  3. 3.State Key Laboratory of Information, Security Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  4. 4.Software CollegeJilin UniversityJilinChina

Personalised recommendations