TY - GEN
T1 - Analysis of user’s abnormal behavior based on behavior sequence in enterprise network
AU - Guan, Haichao
AU - Li, Huakang
AU - Sun, Guozi
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
PY - 2017
Y1 - 2017
N2 - There are many abnormal user behaviors in the enterprise network environment, and how to monitor them effectively is a hot research topic. At present, abnormal behavior is analyzed mainly by means of traffic monitoring, but there is no precise definition of, or related research on, the behavior of enterprise network users. Therefore, the paper proposes a model to analyze the abnormal behavior of enterprise network users. First, the data from the monitoring log of the enterprise network is pre-processed and the user behavior is serialized; then, for each user behavior sequence in the sequence databases, the user behavior similarity and correlation coefficient over a week are calculated by the improved algorithm; finally, the similarity and the correlation coefficient are compared between users to find abnormal user behavior. In this paper, we verify the feasibility of the model on the internal network of the company and find the user’s abnormal behavior.
AB - There are many abnormal user behaviors in the enterprise network environment, and how to monitor them effectively is a hot research topic. At present, abnormal behavior is analyzed mainly by means of traffic monitoring, but there is no precise definition of, or related research on, the behavior of enterprise network users. Therefore, the paper proposes a model to analyze the abnormal behavior of enterprise network users. First, the data from the monitoring log of the enterprise network is pre-processed and the user behavior is serialized; then, for each user behavior sequence in the sequence databases, the user behavior similarity and correlation coefficient over a week are calculated by the improved algorithm; finally, the similarity and the correlation coefficient are compared between users to find abnormal user behavior. In this paper, we verify the feasibility of the model on the internal network of the company and find the user’s abnormal behavior.
KW - Abnormal behavior analysis
KW - Behavior sequence
KW - Behavior similarity
UR - http://www.scopus.com/inward/record.url?scp=85033688182&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-68505-2_46
DO - 10.1007/978-3-319-68505-2_46
M3 - Conference Proceeding
AN - SCOPUS:85033688182
SN - 9783319685045
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 531
EP - 541
BT - Cloud Computing and Security - 3rd International Conference, ICCCS 2017, Revised Selected Papers
A2 - Sun, Xingming
A2 - You, Xingang
A2 - Chao, Han-Chieh
A2 - Bertino, Elisa
PB - Springer Verlag
T2 - 3rd International Conference on Cloud Computing and Security, ICCCS 2017
Y2 - 16 June 2017 through 18 June 2017
ER -