Overview of Machine Learning-Based Anomaly Detection in Linux-Based File Systems
摘要
Developing an anomaly detection framework for Linux-based systems requires extensive knowledge of the target system, user access patterns to the files, and system logs. This study presents an overview of methodologies that use unsupervised machine learning models such as DBSCAN, Isolation Forest, and Hidden Markov Models (HMM), to cluster normal user file access activities on Linux-based HDFS environment. The target system’s file logs are analyzed to identify the most appropriate technique for detecting malicious behavior, including attempts to retrieve confidential information, which can lead to data breaches. The results are evaluated using the Silhouette Score and Davies-Bouldin Score. Although existing techniques often overlook insider threats, such as untimely file access, among normal user activities, this paper focuses on mitigating such instances. It provides a comparative analysis of the strengths and weaknesses of each model, which contributes to improved data security in file systems.