Title :
A Similarity Network Based Behavior Anomaly Detection Model for Computer Systems
Author :
Qijun Shen ; Jian Cao ; Hua Gu
Author_Institution :
Dept. of Comput. Sci. & Technol., Shanghai Jiaotong Univ., Shanghai, China
Abstract :
As modern computer systems become increasingly complex in infrastructure and usage, the demand for capabilities of detecting anomalous behavior has grown urgent. Although techniques for point anomaly detection have been proposed and adopted in practice, behavior anomaly detection still lacks effective approaches due to its inherent complexities. We present a new anomalous behavior detection model based on similarity network. Instead of learning behaviors according to frequencies of occurrences as current approaches do, our model exploits the similarity relationship between emerging behavior patterns. Specifically, a Markov model rank algorithm is performed on the similarity network to discover behavior anomalies. Our model is able to distinguish normal behavior patterns and anomalous ones in changing environments without training phase. We implemented this model and conducted extensive experiments on a range of data sets. Results show that our model can detect behavior anomalies in computer systems with high accuracy.
Keywords :
Markov processes; security of data; Markov model rank algorithm; anomalous behavior detection model; behavior anomaly detection model; behavior anomaly discovery; computer systems; normal behavior patterns; point anomaly detection; similarity network; similarity relationship; Computational modeling; Computers; Heuristic algorithms; Markov processes; Monitoring; Servers; Time series analysis; Behavior Anomaly Detection; Graph Data Mining; Similarity Network;
Conference_Titel :
Computational Science and Engineering (CSE), 2014 IEEE 17th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4799-7980-6
DOI :
10.1109/CSE.2014.319
