Anomaly detection model of user behavior based on principal component analysis
This paper proposes a new anomaly detection model based on principal component analysis (PCA). Our scheme extracts the user's behavior and analyzes the features selected as representative of the user's access. PCA is introduced into the anomaly detection model with improvements that make it more consistent with anomaly detection system design, so that it describes the user's behavior more completely and improves the efficiency and stability of the algorithm. The paper also applies the scheme to anomaly detection in the database system. Finally, data sets from the internet are used to test the feasibility of the model. The experimental results show that our model can detect normal and abnormal user behavior precisely and effectively.
Keywords: Anomaly detection, User behavior, Principal component analysis
The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work was supported in part by the Liaoning Province Doctor Startup Fund under Grant No. 20141012, the Liaoning Province Science and Technology Projects under Grant No. 2013217004, the Shenyang Province Science and Technology Projects under Grant No. F14-231-1-08, and the Fundamental Research Funds for the Central Universities under Grant No. N130317002.