Anomaly detection from personal usage patterns in web applications

Vural, Gürkan
The anomaly detection task is to recognize the presence of an unusual (and potentially hazardous) state within the behaviors or activities of a computer user, system, or network with respect to some model of normal behavior which may be either hard-coded or learned from observation. An anomaly detection agent faces many learning problems including learning from streams of temporal data, learning from instances of a single class, and adaptation to a dynamically changing concept. The domain is complicated by considerations of the trusted insider problem (recognizing the difference between innocuous and malicious behavior changes on the part of a trusted user). This study introduces the anomaly detection in web applications and formulates it as a machine learning task on temporal sequence data. In this study the goal is to develop a model or profile of normal working state of web application user and to detect anomalous conditions as deviations from the expected behavior patterns. We focus, here, on learning models of normality at the user behavioral level, as observed through a web application. In this study we introduce some sensors intended to function as a focus of attention unit at the lowest level of a classification hierarchy using Finite State Markov Chains and Hidden Markov Models and discuss the success of these sensors.


Design and implementation of a secure and searchable audit logging system
İncebacak, Davut; Çetin, Yasemin; Department of Information Systems (2007)
Logs are append-only time-stamped records to represent events in computers or network devices. Today, in many real-world networking applications, logging is a central service however it is a big challenge to satisfy the conflicting requirements when the security of log records is of concern. On one hand, being kept on mostly untrusted hosts, the logs should be preserved against unauthorized modifications and privacy breaches. On the other, serving as the primary evidence for digital crimes, logs are often n...
Recursive shortest spaning tree algorithms for image segmentation
Bayramoğlu, Neslihan Yalçın; Bazlamaçcı, Cüneyt Fehmi; Department of Electrical and Electronics Engineering (2005)
Image segmentation has an important role in image processing because it is a tool to obtain higher level object descriptions for further processing. In some applications such as large image databases or video image sequence segmentations, the speed of the segmentation algorithm may become a drawback of the application. This thesis work is a study to improve the run-time performance of a well-known segmentation algorithm, namely the Recursive Shortest Spanning Tree (RSST). Both the original and the fast RSST...
Human motion analysis via axis based representations
Erdem, Sezen; Tarı, Zehra Sibel; Department of Computer Engineering (2007)
Visual analysis of human motion is one of the active research areas in computer vision. The trend shifts from computing motion fields to understanding actions. In this thesis, an action coding scheme based on trajectories of the features calculated with respect to a part based coordinate system is presented. The part based coordinate system is formed using an axis based representation. The features are extracted from images segmented in the form of silhouettes. We present some preliminary experiments that d...
Bayesian learning under nonnormality
Yılmaz, Yıldız Elif; Alpaslan, Ferda Nur; Department of Computer Engineering (2004)
Naive Bayes classifier and maximum likelihood hypotheses in Bayesian learning are considered when the errors have non-normal distribution. For location and scale parameters, efficient and robust estimators that are obtained by using the modified maximum likelihood estimation (MML) technique are used. In naive Bayes classifier, the error distributions from class to class and from feature to feature are assumed to be non-identical and Generalized Secant Hyperbolic (GSH) and Generalized Logistic (GL) distribut...
Semantic data modeling of spatiotemporal database applications
Yazıcı, Adnan; Sun, N (Wiley, 2001-07-01)
Due to the ubiquity of space-related and time-related information, the ability of a database system to deal with both spatial and temporal phenomenon facts in a spatiotemporal applications is highly desired. However, uncertain and fuzzy information in these applications highly increases the complexity of database modeling. In this paper we introduce a semantic data modeling approach for spatiotemporal database applications. We specifically focus on various aspects of spatial and temporal database issues and...
Citation Formats
G. Vural, “Anomaly detection from personal usage patterns in web applications,” M.S. - Master of Science, Middle East Technical University, 2006.