
Applying Machine Learning Methods to Detect Abnormal User Behavior in a University Data Center

  • Conference paper
Intelligent Distributed Computing XV (IDC 2022)

Part of the book series: Studies in Computational Intelligence (SCI, volume 1089)

Abstract

Detecting anomalies in the activity of data center users is an important step in ensuring data center security. Such anomalies can be caused both by SQL injection attacks and by user attempts to violate access control rules. One of the most effective approaches to detecting abnormal user behavior in data centers is the use of machine learning methods. The paper explores the possibilities of using various machine learning models (classifiers) to detect such anomalies. A distinctive feature of the problem is its focus on a university data center whose databases have a non-normalized structure. In this setting, the problem of reducing the dimension of the feature space for machine learning arises. The paper proposes an algorithm for generating a dataset based on typing the data table names. Issues of software implementation of the proposed approach are considered. Experimental results obtained on seven classifiers confirmed the high efficiency of the proposed approach. They showed that the decision tree, the k-nearest neighbors method and the multilayer neural network have the highest efficiency for the problem being solved.

Acknowledgements

This research is being supported by the grant of RSF #21-71-20078 in SPC RAS.

Corresponding author

Correspondence to Igor Kotenko.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Kotenko, I., Saenko, I. (2023). Applying Machine Learning Methods to Detect Abnormal User Behavior in a University Data Center. In: Braubach, L., Jander, K., Bădică, C. (eds) Intelligent Distributed Computing XV. IDC 2022. Studies in Computational Intelligence, vol 1089. Springer, Cham. https://doi.org/10.1007/978-3-031-29104-3_2
