ISSN :2582-9793

Detecting Anomalous States Through File Operations Using Unsupervised Learning Algorithms

Original Research (Published On: 02-Mar-2026 )
DOI: https://dx.doi.org/10.54364/AAIML.2026.62284

Islambek Saymanov, Firdavs Muxammadiev and Gayrat Juraev

Adv. Artif. Intell. Mach. Learn., XX (XX):-

1. Islambek Saymanov: National University of Uzbekistan

2. Firdavs Muxammadiev: National University of Uzbekistan; Engineering Federation of Uzbekistan

3. Gayrat Juraev: Tashkent State University of Economics

Article History: Received on: 07-Dec-25, Accepted on: 29-Dec-25, Published on: 02-Mar-26

Corresponding Author: Islambek Saymanov

Email: islambeksaymanov@gmail.com

Citation: Islambek Saymanov, et al. Detecting Anomalous States Through File Operations Using Unsupervised Learning Algorithms. Advances in Artificial Intelligence and Machine Learning. 2026. (Ahead of Print). https://dx.doi.org/10.54364/AAIML.2026.62284


Abstract

To address the challenge of detecting insider threats, this study proposes identifying anomalous cases by analyzing user file operations recorded in organizational system logs. User document operations were monitored in a dedicated laboratory environment, from which a sample dataset was systematically created for further analysis. Relevant data sources were identified to capture file-based user activities through operating system logs, and features suitable for the study were selected. Cleaning, filtering, and normalization were performed on the data. The cleaned data were consolidated into a single dataset and analyzed using unsupervised learning and statistical methods suitable for classification tasks. The following algorithms were selected: Isolation Forest, Local Outlier Factor, One-Class Support Vector Machine (SVM), and Z-Score. A total of 50 anomalous actions were performed by users in the study. As a result of the evaluation, 36 of these 50 anomalous cases were consistently identified as anomalies by all algorithms. This study demonstrates the potential for real-time detection of insider threats in the future. The approach is particularly relevant for organizations that handle sensitive data, and it can be integrated into UEBA and DLP systems.
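The pipeline the abstract describes (per-user file-operation windows, feature extraction, several unsupervised detectors, and a "flagged by all" consensus) is easiest to follow on a small worked example. The block below is an added illustration, not the authors' code or dataset: it synthesizes a constructed log in an assumed `timestamp,user,operation,path` export format, aggregates READ/WRITE/DELETE/COPY counts per (user, hour) window, and implements two of the paper's four detectors in pure Python, Z-Score (per-feature standard deviations from the mean) and Local Outlier Factor (the original k-nearest-neighbour density ratio), then reports only windows that both detectors agree on. Isolation Forest and One-Class SVM are not reimplemented here; in practice all four are available in scikit-learn and would be added to the same vote. Thresholds (2.5 for Z-Score, 1.5 for LOF) and the sample counts are assumptions chosen for the demonstration.

```python
import math
from collections import defaultdict

OPS = ("READ", "WRITE", "DELETE", "COPY")

# Constructed per-(user, hour) operation counts: eleven ordinary working-hour
# windows and one window (carol, 14:00) with a mass read/delete/copy burst.
WINDOW_COUNTS = {
    ("alice", 9): (4, 2, 0, 0), ("alice", 10): (5, 1, 1, 0),
    ("alice", 11): (3, 2, 0, 0), ("alice", 12): (6, 3, 0, 0),
    ("bob", 9): (4, 1, 1, 0), ("bob", 10): (5, 2, 0, 0),
    ("bob", 11): (3, 1, 1, 0), ("bob", 12): (4, 2, 1, 0),
    ("carol", 9): (5, 2, 1, 0), ("carol", 10): (4, 1, 0, 0),
    ("carol", 11): (6, 2, 1, 0), ("carol", 14): (40, 2, 25, 10),
}


def synthesize_log(window_counts):
    """Expand the constructed counts into log lines (assumed export format)."""
    lines = []
    for (user, hour), counts in window_counts.items():
        for op, n in zip(OPS, counts):
            for i in range(n):
                lines.append(f"2025-12-01T{hour:02d}:{i:02d}:00,{user},{op},/share/doc{i}.docx")
    return lines


def extract_features(lines):
    """Count each operation type per (user, hour) window -> {(user, hour): [R, W, D, C]}."""
    feats = defaultdict(lambda: [0, 0, 0, 0])
    for line in lines:
        ts, user, op, _path = line.split(",", 3)
        feats[(user, int(ts[11:13]))][OPS.index(op)] += 1
    return dict(feats)


def zscore_flags(keys, vectors, threshold=2.5):
    """Flag a window if any feature lies more than `threshold` std devs from the mean."""
    n, flagged = len(vectors), set()
    for d in range(len(vectors[0])):
        col = [v[d] for v in vectors]
        mean = sum(col) / n
        std = math.sqrt(sum((x - mean) ** 2 for x in col) / n)
        if std == 0:  # constant feature carries no signal
            continue
        flagged.update(k for k, x in zip(keys, col) if abs((x - mean) / std) > threshold)
    return flagged


def lof_scores(vectors, k=3):
    """Local Outlier Factor: ratio of neighbours' local density to the point's own."""
    n = len(vectors)
    dist = lambda a, b: math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
    D = [[dist(vectors[i], vectors[j]) for j in range(n)] for i in range(n)]
    neigh, kdist = [], []
    for i in range(n):
        order = sorted((j for j in range(n) if j != i), key=lambda j: D[i][j])[:k]
        neigh.append(order)
        kdist.append(D[i][order[-1]])  # distance to the k-th nearest neighbour
    # local reachability density = 1 / mean reachability distance to the k neighbours
    lrd = [k / max(sum(max(kdist[j], D[i][j]) for j in neigh[i]), 1e-12) for i in range(n)]
    return [sum(lrd[j] for j in neigh[i]) / (k * lrd[i]) for i in range(n)]


def lof_flags(keys, vectors, k=3, threshold=1.5):
    return {key for key, s in zip(keys, lof_scores(vectors, k)) if s > threshold}


def consensus_anomalies(lines):
    """Return (windows flagged by every detector, z-score flags, LOF flags)."""
    feats = extract_features(lines)
    keys = sorted(feats)
    vectors = [feats[key] for key in keys]
    z, lof = zscore_flags(keys, vectors), lof_flags(keys, vectors)
    return sorted(z & lof), sorted(z), sorted(lof)


if __name__ == "__main__":
    both, z, lof = consensus_anomalies(synthesize_log(WINDOW_COUNTS))
    print("z-score:", z)
    print("lof:", lof)
    print("flagged by all detectors:", both)
```

On this constructed data the 14:00 window for `carol` is the only one flagged by both detectors; the ordinary windows score close to 1 under LOF and stay well inside 2.5 standard deviations on every feature. The same voting logic extends to more detectors by intersecting additional flag sets, which is the "consistently identified by all algorithms" criterion the abstract reports.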
