Negative Selection and Knuth Morris Pratt Algorithm for Anomaly Detection

In this paper an algorithm for detecting anomalous behavior on computer systems is proposed. The work is based on information from the behavior of authorized users who have performed various tasks on a computer system over two years. The study uses a dynamic data structure that can encode the current activities of users and their behaviors. The identification of the most and least frequent tasks, based on the historical database of each user, provides a simple way of creating a single profile of behavior. With this profile, we apply negative selection techniques to obtain a reasonable computational size set of anomalous detectors. We then apply the Knuth-Morris-Pratt algorithm for locating detectors of anomalies as indicators of fraudulent behavior. This procedure for detecting anomalous behavior has been tested on real data and the results prove the effectiveness of the proposal and motivate further research to improve the existing detection system.