Developing an anomaly detection framework for Linux-based systems requires extensive knowledge of the target system, user access patterns to the files, and system logs. This study presents an overview of methodologies that use unsupervised machine learning models such as DBSCAN, Isolation Forest, and Hidden Markov Models (HMM), to cluster normal user file access activities on Linux-based HDFS environment. The target system’s file logs are analyzed to identify the most appropriate technique for detecting malicious behavior, including attempts to retrieve confidential information, which can lead to data breaches. The results are evaluated using the Silhouette Score and Davies-Bouldin Score. Although existing techniques often overlook insider threats, such as untimely file access, among normal user activities, this paper focuses on mitigating such instances. It provides a comparative analysis of the strengths and weaknesses of each model, which contributes to improved data security in file systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Overview of Machine Learning-Based Anomaly Detection in Linux-Based File Systems

  • Ashwin Taras,
  • Aditya More,
  • Riddhi Kulkarni,
  • K. C. Waghmare,
  • Narendra Pal Singh

摘要

Developing an anomaly detection framework for Linux-based systems requires extensive knowledge of the target system, user access patterns to the files, and system logs. This study presents an overview of methodologies that use unsupervised machine learning models such as DBSCAN, Isolation Forest, and Hidden Markov Models (HMM), to cluster normal user file access activities on Linux-based HDFS environment. The target system’s file logs are analyzed to identify the most appropriate technique for detecting malicious behavior, including attempts to retrieve confidential information, which can lead to data breaches. The results are evaluated using the Silhouette Score and Davies-Bouldin Score. Although existing techniques often overlook insider threats, such as untimely file access, among normal user activities, this paper focuses on mitigating such instances. It provides a comparative analysis of the strengths and weaknesses of each model, which contributes to improved data security in file systems.