| In the era of big data, information security has become a matter of great concern. Today's Internet environment is complex and changeable, cyber-attacks occur frequently, and the significance of intrusion detection systems is increasingly evident. For Internet intrusions, most of the audit data used by mainstream user behavior anomaly detection techniques comes from the system or application level, which loses a lot of useful information at the user level, and most of that audit data is collected manually, which leads to high development and maintenance costs. In this paper, we design a universal system for anomaly detection of user behavior, which automatically collects user behavior on the Web as audit data and recognizes anomalous behavior by establishing a normal behavior profile for a valid user. First, we investigate the technologies related to intrusion detection. Based on the functional requirements of an intrusion detection system, we design the overall system architecture and each module in detail, including the collection of user behavior data, the reception and preprocessing of data, data storage, training and detection, and the query and display of detection results. The collection of user behavior data is combined with APM, which obtains the user's operations on the Web application by means of automatic tracking. Then, we design machine learning algorithms based on user behavior sequences and user behavior habits. The core idea of the former is to mine user behavior sequence patterns, establish a normal behavior profile, and make a judgment by calculating the similarity between the current behavior and the normal profile. The latter computes the mean and standard deviation of the click frequency of the user's operations and makes an anomaly judgment according to the 3-sigma rule. Finally, we implement the system based on the design scheme and validate the anomaly detection system through experiments. Experimental results show that the system can judge the user's anomalous behavior effectively, with good accuracy and efficiency. |
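
The habit-based check described in the abstract, sketched as an added example (not code from the thesis): a per-operation mean and standard deviation of click counts form the normal profile, and a new window is flagged when a count falls outside the 3-sigma band. The fixed time windows, the operation names, the use of the population standard deviation and the decision to flag operations never seen in training are all assumptions of this sketch.

```python
from collections import Counter
from statistics import mean, pstdev

def window(view=0, search=0, edit=0, export=0):
    """Build one time window of click events (constructed sample data)."""
    return (["view"] * view + ["search"] * search
            + ["edit"] * edit + ["export"] * export)

# Constructed training data: one valid user's clicks in five equal-length windows.
TRAINING_WINDOWS = [
    window(view=3, search=1, edit=1),
    window(view=4, search=1),
    window(view=3, search=1, edit=1),
    window(view=5, search=2),
    window(view=4, search=1, edit=1),
]
NORMAL_WINDOW = window(view=4, search=1, edit=1)             # constructed
SUSPECT_WINDOW = window(view=4, search=1, edit=9, export=1)  # constructed

def build_profile(windows):
    """Return {operation: (mean, std)} of per-window click counts."""
    counts = [Counter(w) for w in windows]
    ops = set().union(*counts)
    # Counter yields 0 for an operation absent from a window, so windows
    # where the user did not click it still pull the mean down.
    return {op: (mean(c[op] for c in counts), pstdev(c[op] for c in counts))
            for op in ops}

def detect(profile, events, k=3.0):
    """Return {operation: reason} for counts outside mean +/- k*std."""
    observed = Counter(events)
    anomalies = {}
    for op in set(profile) | set(observed):
        n = observed[op]
        if op not in profile:
            # Assumption: an operation absent from the profile is anomalous.
            anomalies[op] = f"never seen in training (count={n})"
            continue
        mu, sigma = profile[op]
        # If sigma is 0 the band collapses to the mean, so any change is flagged.
        if abs(n - mu) > k * sigma:
            anomalies[op] = f"count={n}, expected {mu:.2f} +/- {k * sigma:.2f}"
    return anomalies

if __name__ == "__main__":
    profile = build_profile(TRAINING_WINDOWS)
    print(detect(profile, NORMAL_WINDOW))
    print(detect(profile, SUSPECT_WINDOW))
```

With only a handful of training windows the standard deviation is a rough estimate, so a zero or very small sigma makes the band tight enough to flag ordinary variation.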