
Journal of Kunming Metallurgy College ›› 2024, Vol. 40 ›› Issue (6): 55-.DOI: 10.3969/j.issn.1009-0479.2024.06.010


Scheme of Host Abnormal Behavior Detection Based on Support Vector Machine

HUANG Zhirui°, YUAN Jianming", MIAO Wangyuanª, HE Yananª, XIE Xianjieª, FANG Fang”

  1. (a. Faculty of Computer Information, b. Network Management and Information Center, Kunming Metallurgy College, Kunming 650033, China)
  • Received: 2024-02-23 Online: 2024-07-04 Published: 2025-09-24

Abstract: This paper introduces a host anomaly detection scheme based on the support vector machine algorithm, which aims to detect abnormal behavior in user operations rapidly and accurately and to immediately remind users to take intervention measures, ensuring the overall security of the system. Specifically, the scheme first uses natural language processing technology to extract features and construct feature vectors; then the principal component analysis algorithm is used to reduce the dimension of the feature data in order to improve the speed and efficiency of subsequent processing; after that, the support vector machine algorithm is used to learn and distinguish between normal and abnormal operation modes of the host, and an efficient detection model is constructed. Finally, the fully trained model is used to detect in real time whether the host has abnormal operations. To verify the practical application effect of this method, the ADFA-LD data set of the Australian Defense College is selected for empirical research, and satisfactory detection performance is achieved.

Key words: cyberspace security, machine learning, host anomaly detection, support vector machine, natural language processing

CLC Number: