Research On Data Mining Method For Abnormal Behavior Of Network Users

Posted on: 2020-01-26
Degree: Master
Type: Thesis
Country: China
Candidate: X Chen
GTID: 2428330620956748
Subject: Software engineering

Abstract/Summary:
With the rapid development of technologies such as big data and the Internet of Things, user access information has also grown rapidly. However, while enjoying huge technological dividends, all sectors of society also face problems brought about by information security. Anomaly detection and analysis for big data platforms is one of the research hotspots in academia. However, traditional anomaly detection methods for large-scale distributed data have some shortcomings. First, collecting Web log traffic data sets is time-sensitive, but traditional anomaly detection algorithms pay little attention to this. Second, training on the access data of existing normal users is costly, and the efficiency of anomaly detection is low. Third, in the era of big data, network traffic presents a large volume of data, high-dimensional feature attributes and strong correlation among attributes; with traditional anomaly detection methods, detection efficiency is low and detection time is long. Therefore, how to quickly and efficiently detect anomalies in large-scale network user behavior data collected by big data platforms has become a huge challenge.

In view of the above problems, this paper analyzes the advantages and disadvantages of various anomaly detection methods and proposes two anomaly detection methods based on data mining to achieve efficient anomaly detection. The main contributions of this paper are as follows.

(1) To address the huge cost of training and updating the normal user access pattern, and the low time efficiency, low detection rate and high false alarm rate of extracting that pattern when the amount of Web log data is large, an anomaly detection method based on sequential pattern mining is proposed. The normal user access pattern is extracted using an improved distributed maximum frequent sequence extraction algorithm. Anomalies are detected and located by sequence alignment between the simulated user sequence containing the attack and the normal user access rule base.

(2) To address the large volume and high dimensionality of network traffic data, an improved GRU-based anomaly detection algorithm is proposed. First, principal component analysis is used to reduce the dimension of the large-scale network traffic data set and extract the effective attributes. Then the processed training data set is used to train the GRU-SVDD classifier model. Finally, the actual flow to be detected is input to the GRU-SVDD comparator to detect abnormalities in the flow.

(3) A multi-layer protection model covering the application layer and the network layer is constructed for the network user behavior data set collected on the big data platform, so that the security of the big data platform can be protected in an all-round way. The system is designed and implemented.

Keywords/Search Tags:abnormal detection, frequent pattern mining, GRU, PCA