Anomaly detection from personal usage patterns in web applications

Download
2006
Vural, Gürkan
The anomaly detection task is to recognize the presence of an unusual (and potentially hazardous) state within the behaviors or activities of a computer user, system, or network with respect to some model of normal behavior which may be either hard-coded or learned from observation. An anomaly detection agent faces many learning problems including learning from streams of temporal data, learning from instances of a single class, and adaptation to a dynamically changing concept. The domain is complicated by considerations of the trusted insider problem (recognizing the difference between innocuous and malicious behavior changes on the part of a trusted user). This study introduces the anomaly detection in web applications and formulates it as a machine learning task on temporal sequence data. In this study the goal is to develop a model or profile of normal working state of web application user and to detect anomalous conditions as deviations from the expected behavior patterns. We focus, here, on learning models of normality at the user behavioral level, as observed through a web application. In this study we introduce some sensors intended to function as a focus of attention unit at the lowest level of a classification hierarchy using Finite State Markov Chains and Hidden Markov Models and discuss the success of these sensors.

Suggestions

Resource based plan revision in dynamic multi-agent environments
Erdoğdu, Utku; Polat, Faruk; Department of Computer Engineering (2004)
Planning framework is commonly used to represent intelligent agents effectively and to model complex behavior. In planning framework, resource-based perspective is interesting in the sense that in a multi-agent environment, exchange of resources can form a cooperative interaction. In resource based plan coordination, each agent constructs an individual plan, then plans are examined by a central plan revision unit for possibilities of removing actions. Domain of this work is the classical postmen domain that...
Recursive shortest spaning tree algorithms for image segmentation
Bayramoğlu, Neslihan Yalçın; Bazlamaçcı, Cüneyt Fehmi; Department of Electrical and Electronics Engineering (2005)
Image segmentation has an important role in image processing because it is a tool to obtain higher level object descriptions for further processing. In some applications such as large image databases or video image sequence segmentations, the speed of the segmentation algorithm may become a drawback of the application. This thesis work is a study to improve the run-time performance of a well-known segmentation algorithm, namely the Recursive Shortest Spanning Tree (RSST). Both the original and the fast RSST...
Bayesian learning under nonnormality
Yılmaz, Yıldız Elif; Alpaslan, Ferda Nur; Department of Computer Engineering (2004)
Naive Bayes classifier and maximum likelihood hypotheses in Bayesian learning are considered when the errors have non-normal distribution. For location and scale parameters, efficient and robust estimators that are obtained by using the modified maximum likelihood estimation (MML) technique are used. In naive Bayes classifier, the error distributions from class to class and from feature to feature are assumed to be non-identical and Generalized Secant Hyperbolic (GSH) and Generalized Logistic (GL) distribut...
Specification and verification of confidentiality in software architectures
Ulu, Cemil; Oğuztüzün, Mehmet Halit S.; Department of Computer Engineering (2004)
This dissertation addresses the confidentiality aspect of the information security problem from the viewpoint of the software architecture. It presents a new approach to secure system design in which the desired security properties, in particular, confidentiality, of the system are proven to hold at the architectural level. The architecture description language Wright is extended so that confidentiality authorizations can be specified. An architectural description in Wright/c, the extended language, assigns...
Action recognition through action generation
Akgün, Barış; Şahin, Erol; Department of Computer Engineering (2010)
This thesis investigates how a robot can use action generation mechanisms to recognize the action of an observed actor in an on-line manner i.e., before the completion of the action. Towards this end, Dynamic Movement Primitives (DMP), an action generation method proposed for imitation, are modified to recognize the actions of an actor. Specifically, a human actor performed three different reaching actions to two different objects. Three DMP's, each corresponding to a different reaching action, were trained...
Citation Formats
G. Vural, “Anomaly detection from personal usage patterns in web applications,” M.S. - Master of Science, Middle East Technical University, 2006.