A User Behavior Anomaly Detection Approach Based on Sequence Mining over Data Streams

2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT) Pub Date : 2016-12-01 DOI:10.1109/PDCAT.2016.086

Yong Zhou, Yijie Wang, Xingkong Ma

{"title":"A User Behavior Anomaly Detection Approach Based on Sequence Mining over Data Streams","authors":"Yong Zhou, Yijie Wang, Xingkong Ma","doi":"10.1109/PDCAT.2016.086","DOIUrl":null,"url":null,"abstract":"How to design a low-latency and accurate approach for user behavior anomaly detection over data streams has become a great challenge. However, existing studies cannot meet low-latency and accurate requirements, due to a large number of subsequences and sequential relationship in behaviors. This paper presents BADSM, a user behavior anomaly detection approach based on sequence mining over data streams that seeks to address such challenge. BADSM uses self-adaptive behavior pruning algorithm to adaptively divide data stream into behaviors and decrease the number of subsequences to improve the efficiency of sequence mining. Meanwhile, the top-k abnormal scoring algorithm is used to reduce the complexity of traversal and obtain quantitative detection result to improve accuracy. We design and implement a streaming anomaly detection system based on BADSM to perform online detection. Extensive experiments confirm that BADSM significantly reduces processing delay by at least 36.8% and false positive rate by 6.4% compared with the classic sequence mining approach PrefixSpan.","PeriodicalId":203925,"journal":{"name":"2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDCAT.2016.086","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

How to design a low-latency and accurate approach for user behavior anomaly detection over data streams has become a great challenge. However, existing studies cannot meet low-latency and accurate requirements, due to a large number of subsequences and sequential relationship in behaviors. This paper presents BADSM, a user behavior anomaly detection approach based on sequence mining over data streams that seeks to address such challenge. BADSM uses self-adaptive behavior pruning algorithm to adaptively divide data stream into behaviors and decrease the number of subsequences to improve the efficiency of sequence mining. Meanwhile, the top-k abnormal scoring algorithm is used to reduce the complexity of traversal and obtain quantitative detection result to improve accuracy. We design and implement a streaming anomaly detection system based on BADSM to perform online detection. Extensive experiments confirm that BADSM significantly reduces processing delay by at least 36.8% and false positive rate by 6.4% compared with the classic sequence mining approach PrefixSpan.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于数据流序列挖掘的用户行为异常检测方法

如何设计一种低延迟、准确的数据流用户行为异常检测方法已成为一个巨大的挑战。然而，由于行为中存在大量的子序列和顺序关系，现有的研究无法满足低延迟和准确的要求。本文提出了BADSM，一种基于数据流序列挖掘的用户行为异常检测方法，旨在解决这一挑战。BADSM采用自适应行为修剪算法，自适应地将数据流划分为行为，减少子序列的数量，提高序列挖掘的效率。同时，采用top-k异常评分算法，降低遍历复杂度，获得定量检测结果，提高准确率。我们设计并实现了一个基于BADSM的流异常检测系统，实现在线检测。大量的实验证实，与经典的序列挖掘方法PrefixSpan相比，BADSM显著降低了处理延迟至少36.8%，假阳性率降低了6.4%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)

自引率

0.00%

发文量