Tracking Suspicious User Behavior Through Hybrid Feature Selection Technique

  • Anusree RoyEmail author
  • Mousumi Gupta
Conference paper
Part of the Learning and Analytics in Intelligent Systems book series (LAIS, volume 12)


Detection of suspicious user behavior is essential in current scenario. It is required in various fields such as social networks, statistics, and knowledge discovery, finance etc. Web surfing through internet is growing rapidly than last few years. Total numbers of searching sites are more than billion and the same way the number of users increases in huge amount. The traditional cyber security system sometime fails as definition of anomalous has changed. The attacker uses new approach and innovative techniques to create vulnerability. So, there is a need for hybrid feature selection approach which can deal with this kind of threat. In this paper, an isolation forest approach has been proposed which utilizes a hybrid feature selection technique. The proposed feature selection approach uses one hot encoding with binning features and feature crosses with synthetic features. The final result shows the maximum accuracy. Proposed hybrid feature selection approach is tested on real time company dataset and it has been observed that this technique helps to identify suspicious activity in the social networks with greater accuracy. Here, the suspicious activities include; no of login failed, user location, excess time, no of file request, no of login.


Anomaly detection Binning Isolation forest Hybrid feature Cyber security Threat 


  1. 1.
    Liao, L., Luo, B.: Entropy isolation forest based on dimension entropy for anomaly detection, In: Peng, H., Deng, C., Wu, Z., Liu, Y. (eds.) Computational Intelligence and Intelligent Systems, ISICA (2018), vol. 986, pp. 365–376. Springer, Singapore (2018)Google Scholar
  2. 2.
    Puggini, L., McLoone, S.: An enhanced variable selection and Isolation Forest based methodology for anomaly detection with OES data. Eng. Appl. Artif. Intell. 67, 126–135 (2018)CrossRefGoogle Scholar
  3. 3.
    Puggini, L., Mcloone, S.: Forward selection component analysis: algorithms and applications. IEEE Trans. Pattern Anal. Mach. Intell. 39(12), 1–12 (2017)CrossRefGoogle Scholar
  4. 4.
    Puggini, L., Doyle, J., McLoone, S.: Fault detection using random forest similarity distance. IFAC-Safe Process, pp. 132–137 (2017)Google Scholar
  5. 5.
    Bandaragoda, T.R., Ting, K.M., Albrecht, D., Liu, F.T., Wells, J.R.: Efficient anomaly detection by isolation using nearest neighbour ensemble. In: 2014 IEEE International Conference on Data Mining Workshop, pp. 698–705 (2014)Google Scholar
  6. 6.
    Pandit, R.K., Infield, D.: SCADA-based wind turbine anomaly detection using Gaussian process models for wind turbine condition monitoring purposes. IET Renew. Power Gener. 12(11), 1249–1255 (2018)CrossRefGoogle Scholar
  7. 7.
    Ram, P., Gray, A.G.: Fraud detection with density estimation trees. In: KDD 2017 Workshop on Anomaly Detection in Finance, pp. 85–94 (2018)Google Scholar
  8. 8.
    Raanan, B.-Y., Bellingham, J., Zhang, Y., Kemp, M., Kieft, B., Singh, H., Girdhar, Y.: Detection of unanticipated faults for autonomous underwater vehicles using online topic models. J. Field Robot. 35, 705–716 (2018)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Computer ApplicationSikkim Manipal Institute of Technology Sikkim Manipal UniversitySikkimIndia

Personalised recommendations