Detecting Anomalous User Behavior in Database
Authors
Abstract
In order to protect vital data in today’s internet environment and prevent misuse, especially insider abuse by valid users, we propose a novel two-step detecting approach to distinguish potential misuse behaviour (namely anomalous user behaviour) from normal behaviour. First, we capture the access patterns of users by using association rules. Then, based on the patterns and users’ sequential behaviour, we try to deter anomalous user behaviour by leveraging the logistic regression model. Experimental results on a real dataset indicate that our method can get a better result and outperform two state-of-the-art methods. The proposed two-step detecting approach can effectively detect anomalous user behaviour from the log data generated by operation and maintenance staff.
Similar resources
Analysis of User query refinement behavior based on semantic features: user log analysis of Ganj database (IranDoc)
Background and Aim: Information systems cannot be well designed or developed without a clear understanding of needs of users, manner of their information seeking and evaluating. This research has been designed to analyze the Ganj (Iranian research institute of science and technology database) users’ query refinement behaviors via log analysis. Methods: The method of this research is log anal...
Detection of Anomalous Mailing Behavior Using Novel Data Mining Approaches
The paper presents a novel method for detecting anomalous mailing behavior based on data mining approaches. Known or unknown email viruses may cause anomalous behaviors. Such behavior can be measured by deviations from a user’s normal behavior. Grouping and association analysis are used to establish a normal user profile. The building process is divided into two stages first, group relation ana...
Identification of the underlying factors affecting information seeking behavior of users interacting with the visual search option in EBSCO: a grounded theory study
Background and Aim: Information seeking is interactive behavior of searcher with information systems and this active interaction occurs in a real environment known as background or context. This study investigated the factors influencing the formation of layers of context and their impact on the interaction of the user with search option dialogue in EBSCO database. Method: Data from 28 semi-stru...
Detecting Anomalous User Behavior Using an Extended Isolation Forest Algorithm: An Enterprise Case Study
Anomalous user behavior detection is the core component of many information security systems, such as intrusion detection, insider threat detection and authentication systems. Anomalous behavior will raise an alarm to the system administrator and can be further combined with other information to determine whether it constitutes an unauthorised or malicious use of a resource. This paper presents...
Detecting the Abnormal : Machine
Two problems of importance in computer security are to 1) detect the presence of an intruder masquerading as the valid user and 2) detect the perpetration of abusive actions on the part of an otherwise innocuous user. In this paper we present a machine learning approach to anomaly detection, designed to handle these two problems. Our system learns a user profile for each user account and subsequ...