User behavior anomaly detection system and method based on principal component analysis

Abstract

The invention discloses a user behavior anomaly detection system and method based on principal component analysis, and belongs to the technical field of a computer. The system comprises a user behavior preprocessing module, a user behavior training module, a PCA module, a user behavior detection module and a user behavior anomaly processing module. The method comprises a user behavior training stage and a user behavior detection stage. The user behavior training stage is used for generating a user behavior anomaly threshold value. The user behavior detection stage is used for judging whether a real-time behavior is abnormal or not by employing the user behavior anomaly threshold value. According to the system and the method, the anomaly behavior of a user is detected by employing a PCA method,; the PCA is very sensitive to anomaly value change, the influence of the user behavior anomaly on a principal direction is very high, and therefore, a user behavior detection is more effective; no repeated operation exists in the detection process, therefore, the detection efficiency is improved, and the method is easy to realize; whether the real-time user behavior is abnormal or not is detected by employing the threshold value, and therefore, the detection is efficient and convenient.

Description

technical field [0001] The invention belongs to the technical field of computers, and in particular relates to a system and method for abnormal user behavior detection based on principal component analysis. Background technique [0002] With the advancement of informatization and the rapid development of the Internet and network data services, more and more people begin to use the Internet to obtain information. Network users can store files, browse websites, establish remote video interaction, order train tickets and shop through the network. However, while enjoying the convenience of the network, we are also facing the threats brought by various network attack methods. Traditional user identity authentication mechanisms, such as access control, data encryption, identity authentication, etc., all use passwords for user authentication, and passwords are easily cracked by illegal users, resulting in poor security of these mechanisms, which cannot guarantee the security of us...

AI Technical Summary

Problems solved by technology

Most of the existing user behavior anomaly detection methods are based on data mining methods and machine learning methods. The methods mainly focus on correlation analysis, cluster analysis, and sequence pattern analysis. Massive data source audits are required, resulting in slow system operation and system failure. The response time is long, and the phenomenon of suspended animation often occurs

At the same time, the process design of existing data mining methods and machine learning methods is relatively complex, and it takes a long time to obtain results. For example, a user behavior detection method based on a hidden Markov model (Hidden MarkovModel, HMM), which uses HMM establishes the normal behavior profile of legitimate users at the user interface layer, and uses the Baum-Welch algorithm to train HMM, and uses the approximate forward-backward algorithm and Bayesian criterion in the detection stage to judge whether the user's current behavior is abnormal. The method can detect user behavior, but it requires a large amount of calculation, and the detection efficiency and real-time performance are poor; the user behavior detection method based on neural network has low operating efficiency in the detection process, and the process requires human intervention, which is poor in practicability

Images