Abstract
Detecting anomalies in the activity of data center users is an important step in ensuring data center security. Such anomalies can be caused both by SQL injection attacks and by user attempts to violate access control rules. One of the most effective approaches to detecting abnormal user behavior in data centers is the use of machine learning methods. The paper explores the possibilities of using various machine learning models (classifiers) to detect such anomalies. A distinguishing feature of the problem is its focus on a university data center whose databases have a non-normalized structure. In this case, the problem of reducing the dimension of the feature space for machine learning arises. The paper proposes an algorithm for generating a dataset based on typing the data table names. Issues of software implementation of the proposed approach are considered. Experimental results obtained on seven classifiers confirmed the high efficiency of the proposed approach. They showed that the decision tree, the k-nearest neighbors method and the multilayer neural network have the highest efficiency for the problem being solved.
Acknowledgements
This research is being supported by the grant of RSF #21-71-20078 in SPC RAS.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kotenko, I., Saenko, I. (2023). Applying Machine Learning Methods to Detect Abnormal User Behavior in a University Data Center. In: Braubach, L., Jander, K., Bădică, C. (eds) Intelligent Distributed Computing XV. IDC 2022. Studies in Computational Intelligence, vol 1089. Springer, Cham. https://doi.org/10.1007/978-3-031-29104-3_2
DOI: https://doi.org/10.1007/978-3-031-29104-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-29103-6
Online ISBN: 978-3-031-29104-3
eBook Packages: Intelligent Technologies and Robotics (R0)