Applying Machine Learning Methods to Detect Abnormal User Behavior in a University Data Center

Anomaly detection in the work of data center users is an important step in ensuring data center security. Such anomalies can be caused by both SQL injection attacks and user attempts to violate access control rules. One of the most effective approaches to detect abnormal user behavior in data centers is the use of machine learning methods. The paper explores the possibilities of using various machine learning models (classifiers) to detect such anomalies. A feature of the problem being solved is its focus on the university data center, whose databases have a non-normalized structure. In this case, the problem of reducing the dimension of the feature space for machine learning arises. The paper proposes an algorithm for generating a dataset based on typing the data table names. The issues of software implementation of the proposed approach are considered. The experimental results obtained on seven classifiers confirmed the high efficiency of the proposed approach. They showed that the decision tree, the k-nearest neighbors’ method and the multilayer neural network have the highest efficiency in the problem being solved.