SFAD: Toward effective anomaly detection based on session feature similarity

Abstract Detecting anomalies in sequence data has become an important research topic with applications in the fields of network intrusion and cluster system reliability. Especially, detecting and locating unknown abnormal information are very important tasks. One of the challenges that is highly valued by both academia and industry is reducing the training time and the complexity of the model. Moreover, the model should not only improve the detection efficiency but should also quickly obtain accurate results. This paper proposes a novel anomaly detection algorithm with fuzzy clustering for the session feature similarity (SFAD). The proposed algorithm consists of three main steps. First, we establish sliding windows to collect the web access information of different users. Second, we use the P a g e R a n k algorithm to determine the webpage weight information and calculate the similarity information between users. Finally, using Lambda Cut method of fuzzy clustering to identify suspect users, we can locate abnormal users based on the information returned from multiple windows. The experimental results show that our method is simple and practical; namely, through five groups of comparison experiments on the msnbc.com experimental dataset, the results show that the SFAD method can effectively achieve higher detection accuracy and a lower false alarm rate compared to other methods.