Abstract
A new anomaly detection model which is based on principal component analysis (PCA) is proposed in this paper. Our schema proposes a method to extract the user’s behavior and analyzes the features selected as representative of the user’s access. The PCA method is introduced to the anomaly detection model which adopts its improvements to make it more consistent with anomaly detection system design to describe the user’s behavior more completely and to improve the efficiency and stability of the algorithm. This paper also uses our scheme to the anomaly detection of the database system. Finally, the data sets from the internet are used to test the feasibility of this model. The experimental results show that our model can detect normal and abnormal user behavior precisely and effectively.
Similar content being viewed by others
References
Bertino E, Kamra A, Terzi E, Vakali A (2005) Intrusion detection in rbac-administered databases. In: ACSAC 2005. IEEE, p 170–179
Castiglione A, Pizzolante R, De Santis A, Carpentieri B, Castiglione A et al (2015) Cloud-based adaptive compression and secure management services for 3d healthcare data. Future Gener Comput Syst 1(43):120–134
Cui BJ, Liu ZL, Wang LY (2015) Key-aggregate searchable encryption (KASE) for group data sharing via cloud storage. IEEE Trans Comput. doi:10.1109/TC.2015.2389959
Eesa AS, Orman Z, Adnan Brifcani AM (2015) A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst Appl 43(5):2670–2679
Esposito C, Ficco M, Palmieri F, Castiglione A (2013) Interconnecting federated clouds by using publish-subscribe service. Cluster computing 16(4):887–903
Esposito C, Ficco M, Palmieri F, Castiglione A (2015) Smart cloud storage service selection based on fuzzy logic, theory of evidence and game theory. IEEE Trans Comput. doi:10.1109/TC.2015.2389952
Fiore U, Palmieri F, Castiglione A et al (2013) Network anomaly detection with the restricted Boltzmann machine. Neurocomputing 122:13–23
Goyal MK, Aggarwal A, Jain N (2012) Effect of change in rate of genetic algorithm operator on composition of signatures for misuse intrusion detection System. In: PDGC 2012. IEEE p 669–672
Hu Y, Panda B (2004) A data mining approach for database intrusion detection. In:ACM Symposium on Applied Computing. ACM, p 711716
Jonathan G (2015) Constrained principal component analysis and related techniques. J Appl Stat 42(4):209–222
Lee DH, Kim Byunghun K, Kim KJ (2014) PCA in ERP environment using the misuse detection system design and implementation of RBAC permissions [J]. Multimed Tools Appl 73(2):601–615
Li DJ, Wang Q, Wang C, Cao N, Ren K, Lou WJ (2010) Fuzzy Keyword search over encrypted data in cloud computing. In: INFOCOM 2010. IEEE, p 441–445
Li J, Chen XF, Li MQ, Li JW, Lee P, Lou WJ (2014a) Secure deduplication with efficient and reliable convergent key management. IEEE Trans Parallel Distrib Syst 25(6):1615–1625
Li J, Huang XY, Li JW, Chen XF, Xiang Y (2014b) Securely outsourcing attribute-based encryption with check ability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210
Liu ZL, Li JW, Li J, Jia CF (2014) SQL-based fuzzy query mechanism over encrypted databases. Int J Data Warehouse Min 10(4):71–87
Mathew S, Petropoulos M, Ngo H, Upadhyaya S (2010) A data-centric approach to insider attack detection in database systems. In: RAID 2010. Springer, p 382–401
Meng WZ, Li WJ, Lam-For Kwok (2014) EFM: enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism. Comput Secur 43:189–204
Palmieri F, Fiore U, Castiglione A (2014) A distributed approach to network anomaly detection based on independent component analysis. Concurr Comput Pract Exp 26(5):1113–1129
Spalka A, Lehnhardt J (2005) A comprehensive approach to anomaly detection in relational databases. In: 19th Annual IFIP WG 11.3 Working conference on data and applications security. Springer, p 207–221
Tarek S, Abdulsalam B, Elhadi S (2014) A3ACKs: adaptive three acknowledgments intrusion detection system for MANETs. J Ambient Intell Humaniz Comput 5(4):611–620
Wu GZ, Osborn SL, Jin X (2009) Database intrusion detection using role profiling with role hierarchy. In: SDM 2009. Springer, p 33–48
Xie M, Hu JK, Guo S (2015) Segment-Based Anomaly Detection with Approximated Sample Covariance Matrix in Wireless Sensor Networks. IEEE Trans Parallel Distrib Syst 26(2):573–584
Yao QS, An AJ, Huang XJ (2005) Finding and analyzing database user sessions. In: DASFAA 2005. Springer, p 851–862
Yulevich Y, Pyasik A, Gorelik L (2012) Anomaly Detection Algorithms on IBM InfoSphere Streams: Anomaly Detection for Data in Motion. In: ISPA 2012. IEEE, p 301–308
Acknowledgements
The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work was supported in part by the Liaoning Province Doctor Startup Fund under Grant NO.20141012, the Liaoning Province Science and Technology Projects under Grant No.2013217004, the Shenyang Province Science and Technology Projects under Grant No.F14-231-1-08, the Fundamental Research Funds for the Central Universities under. Grant No.N130317002.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bi, M., Xu, J., Wang, M. et al. Anomaly detection model of user behavior based on principal component analysis. J Ambient Intell Human Comput 7, 547–554 (2016). https://doi.org/10.1007/s12652-015-0341-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-015-0341-4