Detection of Anomalous Sequential User Behavior

I have a dataset containing a set of normal user sessions. Each session contains a suite of ordered user requests on N system resources {R1, ..., RN}.

I want to design a continuous authentication algorithm that confirms the user's identity at each request command. More precisely, I don’t want to let the user complete the whole session (the whole command sequence) before authenticating him; I want to do this at each resource request command, based on his previous normal sequences in the dataset.

How can I build a model over normal sequences to detect anomalous ones in a resource-by-resource fashion?

I found a lot of key concepts (Sequential Pattern Mining, Sequence Anomaly Detection, …), but I am completely confused about these concepts.

I would like to know how to begin and which ML algorithm(s) I should use.

Topic sequential-pattern-mining anomaly-detection

Category Data Science


Your problem is commonly called discrete sequence anomaly detection.

One way to begin is to generate an anomaly score for the current item. If the anomaly score is above a threshold, label it as "anomalous".

An example of this approach is "A Sequence Anomaly Detection Approach Based on Isolation Forest Algorithm for Time-Series" by Weng and Liu.
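
One way to implement the per-request scoring described in the answer above, as an added example that is not part of the original answer. It swaps in a first-order Markov model with additive smoothing rather than the Isolation Forest method of the cited paper; `RequestScorer`, the resource names, the sessions and the smoothing value are all constructed for illustration.

```python
import math
from collections import Counter, defaultdict

START = "<start>"  # synthetic marker for the beginning of a session

class RequestScorer:
    """First-order Markov model over resource requests, fitted on normal sessions."""

    def __init__(self, resources, alpha=0.1):
        self.n = len(resources)   # size of the resource alphabet {R1..RN}
        self.alpha = alpha        # additive smoothing: unseen transitions stay finite
        self.counts = defaultdict(Counter)

    def fit(self, sessions):
        for session in sessions:
            prev = START
            for res in session:
                self.counts[prev][res] += 1
                prev = res
        return self

    def score(self, prev, res):
        """Anomaly score -log P(res | prev); higher means less expected."""
        row = self.counts.get(prev, Counter())
        total = sum(row.values()) + self.alpha * self.n
        return -math.log((row[res] + self.alpha) / total)

    def calibrate(self, sessions):
        """Threshold = highest score any request in the normal sessions gets."""
        return max(self.score(p, r) for s in sessions for p, r in zip([START] + s, s))

    def monitor(self, session, threshold):
        """Score every request as it arrives: (resource, score, is_anomalous)."""
        results, prev = [], START
        for res in session:
            s = self.score(prev, res)
            results.append((res, s, s > threshold))
            prev = res
        return results

# Constructed sample data (assumption: five resources, four normal sessions).
RESOURCES = ["R1", "R2", "R3", "R4", "R5"]
NORMAL_SESSIONS = [["R1", "R2", "R3", "R4"], ["R1", "R2", "R4"],
                   ["R1", "R3", "R4"], ["R1", "R2", "R3", "R4"]]
model = RequestScorer(RESOURCES).fit(NORMAL_SESSIONS)
THRESHOLD = model.calibrate(NORMAL_SESSIONS)

if __name__ == "__main__":
    for res, s, bad in model.monitor(["R1", "R2", "R5", "R4"], THRESHOLD):
        print(f"{res}: score={s:.3f} {'ANOMALOUS' if bad else 'ok'}")
```

The request that follows a never-seen resource is also flagged, because the model has no transition counts out of that state; with real data, set the threshold from a held-out set of normal sessions rather than from the training maximum.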
