Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

User behavior anomaly detection system and method based on principal component analysis

A principal component analysis, anomaly detection technology, applied in the computer field, can solve the problems of long running time, long system response time, complex process design, etc., to achieve the effect of increasing detection efficiency, effective detection results, and easy implementation

Active Publication Date: 2016-11-09
NORTHEASTERN UNIV
View PDF2 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Most of the existing user behavior anomaly detection methods are based on data mining methods and machine learning methods. The methods mainly focus on correlation analysis, cluster analysis, and sequence pattern analysis. Massive data source audits are required, resulting in slow system operation and system failure. The response time is long, and the phenomenon of suspended animation often occurs
At the same time, the process design of existing data mining methods and machine learning methods is relatively complex, and it takes a long time to obtain results. For example, a user behavior detection method based on a hidden Markov model (Hidden MarkovModel, HMM), which uses HMM establishes the normal behavior profile of legitimate users at the user interface layer, and uses the Baum-Welch algorithm to train HMM, and uses the approximate forward-backward algorithm and Bayesian criterion in the detection stage to judge whether the user's current behavior is abnormal. The method can detect user behavior, but it requires a large amount of calculation, and the detection efficiency and real-time performance are poor; the user behavior detection method based on neural network has low operating efficiency in the detection process, and the process requires human intervention, which is poor in practicability

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • User behavior anomaly detection system and method based on principal component analysis
  • User behavior anomaly detection system and method based on principal component analysis
  • User behavior anomaly detection system and method based on principal component analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0056] An embodiment of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0057] A user behavior anomaly detection system based on principal component analysis: the user behavior includes two types: user database access behavior and user Web server access behavior; user behavior elements in each type of user behavior include: when user behavior is database When accessing behavior, the user behavior element includes the name of the data table accessed by the user, the user access time, the primary key in the user access table, the original data accessed by the user, and the data changed by the user; when the user behavior is a web server access behavior, the user behavior element includes the user The object of the access request to the web server and the time interval between adjacent access requests.

[0058] Such as figure 1 As shown, the system includes the following modules:

[0059] The user behavior preprocessing m...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a user behavior anomaly detection system and method based on principal component analysis, and belongs to the technical field of a computer. The system comprises a user behavior preprocessing module, a user behavior training module, a PCA module, a user behavior detection module and a user behavior anomaly processing module. The method comprises a user behavior training stage and a user behavior detection stage. The user behavior training stage is used for generating a user behavior anomaly threshold value. The user behavior detection stage is used for judging whether a real-time behavior is abnormal or not by employing the user behavior anomaly threshold value. According to the system and the method, the anomaly behavior of a user is detected by employing a PCA method,; the PCA is very sensitive to anomaly value change, the influence of the user behavior anomaly on a principal direction is very high, and therefore, a user behavior detection is more effective; no repeated operation exists in the detection process, therefore, the detection efficiency is improved, and the method is easy to realize; whether the real-time user behavior is abnormal or not is detected by employing the threshold value, and therefore, the detection is efficient and convenient.

Description

technical field [0001] The invention belongs to the technical field of computers, and in particular relates to a system and method for abnormal user behavior detection based on principal component analysis. Background technique [0002] With the advancement of informatization and the rapid development of the Internet and network data services, more and more people begin to use the Internet to obtain information. Network users can store files, browse websites, establish remote video interaction, order train tickets and shop through the network. However, while enjoying the convenience of the network, we are also facing the threats brought by various network attack methods. Traditional user identity authentication mechanisms, such as access control, data encryption, identity authentication, etc., all use passwords for user authentication, and passwords are easily cracked by illegal users, resulting in poor security of these mechanisms, which cannot guarantee the security of us...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1408H04L63/1416
Inventor 徐剑杨青松毕猛周福才王墨
Owner NORTHEASTERN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com