Detección de Anomalías mediante Selección Negativa y el algoritmo Knuth Morris Pratt (Negative Selection and Knuth Morris Pratt Algorithm for Anomaly Detection)

César Byron Guevara Maldonado (cesargue@ucm.es)1, Matilde Santos Peñas (msantos@ucm.es)1, María Victoria López López (vlopez@fdi.ucm.es)1


1Universidad Complutense de Madrid

This paper appears in: Revista IEEE América Latina

Publication Date: March 2016
Volume: 14,   Issue: 3 
ISSN: 1548-0992


Abstract:
In this paper an algorithm for detecting anomalous behavior on computer systems is proposed. The work is based on information from the behavior of authorized users who have performed various tasks on a computer system over two years. The study uses a dynamic data structure that can encode the current activities of users and their behaviors. The identification of the most and least frequent tasks, based on the historical database of each user, provides a simple way of creating a single profile of behavior. With this profile, we apply negative selection techniques to obtain a reasonable computational size set of anomalous detectors. We then apply the Knuth-Morris-Pratt algorithm for locating detectors of anomalies as indicators of fraudulent behavior. This procedure for detecting anomalous behavior has been tested on real data and the results prove the effectiveness of the proposal and motivate further research to improve the existing detection system.

Index Terms:
Anomaly Detection, Computer Systems, Behavior Profile, Negative Selection, Knuth Morris Pratt algorithm   


Documents that cite this document
This function is not implemented yet.


[PDF Full-Text (321)]