Computer User Behavior Anomaly Detection Based on K-Means Algorithm

As an effective network protection method, computer user behavior anomaly detection can detect unknown attack behaviors. In order to detect user behavior anomalies more efficiently, the authors propose a computer user behavior anomaly detection model based on the K-means algorithm. According to the actual characteristics of single-user behavior, the algorithm uses sliding time window to define transactions and uses the first location strategy to mine behavior patterns. On this basis, the fault-tolerant mode is adopted to compare the current behavior mode with the normal behavior mode, and the anomaly detection results are obtained. Experiments show that using data mining technology, the association rules of user commands, and the mining of sequence patterns, it can effectively discover the user’s behavior pattern, and using sequence matching algorithms such as recursive correlation functions and calculating the similarity between the user’s historical pattern and the current pattern, it provides the possibility to accurately judge user behavior. The following conclusions are obtained through experiments: the model training time is short, the accuracy is high, and it has certain robustness.