A Similarity Network Based Behavior Anomaly Detection Model for Computer Systems

As modern computer systems become increasingly complex in infrastructure and usage, the demand for capabilities of detecting anomalous behavior has grown urgent. Although techniques for point anomaly detection have been proposed and adopted in practice, behavior anomaly detection still lacks effective approaches due to its inherent complexities. We present a new anomalous behavior detection model based on similarity network. Instead of learning behaviors according to frequencies of occurrences as current approaches do, our model exploits the similarity relationship between emerging behavior patterns. Specifically, a Markov model rank algorithm is performed on the similarity network to discover behavior anomalies. Our model is able to distinguish normal behavior patterns and anomalous ones in changing environments without training phase. We implemented this model and conducted extensive experiments on a range of data sets. Results show that our model can detect behavior anomalies in computer systems with high accuracy.