US2017201531A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017201531-A1 |
| Application number | US-201615006381-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jan 26, 2016 |
| Priority date | Jan 7, 2016 |
| Publication date | Jul 13, 2017 |
| Grant date | — |
Official abstract text for this publication.
In order to enhance system security in the BYOD and smart work environment, the abnormal behavior detection system carries out the first analysis for processing situation information into connection, use and agent situation information and profile information and analyzing the entire use behavior pattern during the personalized connection period, and carries out the second analysis based on service access speed to enhance capability for detecting an abnormal behavior.
Opening claim text (preview).
What is claimed is:

1. An abnormality detection part of an abnormal behavior detection system which analyzes the frequency of behaviors in the same connection situation occurring during the entire connection period through pattern analysis of use behaviors of the entire connection period in order to detect an abnormal behavior when predetermined situation information is received from a situation information collection system in a BYOD (Bring Your Own Device) and smart work environment, the abnormality detection part comprising: an abnormal behavior analysis module which carries out ‘detection of variation of the entire behavior item’ and ‘detection of variation of an individual behavior item’ using the frequency of use behaviors during the present connection and the average of use behaviors during the past connection through the use behavior pattern analysis procedures of the entire connection period in order to analyze whether use of web service is abnormal or not; a detection demand classifying module which classifies received detection demand messages and transfers the classified messages to each analysis part of the abnormal behavior analysis module; and an abnormal behavior detection module which generates information on a detection result of normality or abnormality when the analysis result of the abnormal behavior analysis module is stored and which transfers the generated information to a control system, wherein the abnormal behavior analysis module includes an entire use behavior analysis part which carries out the first analysis for analyzing a use behavior pattern during the entire connection period and carries out the second analysis based on service use speed when the first analysis generates a result value of suspicion.

2. The abnormality detection part according to claim 1, wherein the entire use behavior analysis part includes: a first entire use behavior analysis part which carries out the first analysis for analyzing a pattern of the entire use behavior during the connection period; and a second entire use behavior analysis part which carries out the second analysis based on service use speed if the first entire use behavior analysis part outputs a result value of suspicion.

3. The abnormality detection part according to claim 2, wherein the first entire use behavior analysis part includes: a use behavior inquiry part for inquiring use processing information; a first frequency analysis part for detecting the frequency of use behaviors occurring during the entire connection period from the present processing information; a profile inquiry part for inquiring the corresponding user's past profile information; a second frequency analysis part for detecting the frequency of the user's behaviors in the same connection situation as the past; and a use behavior comparing part which calculates an error value by each behavior and judges whether or not the present user's use behavior is abnormal according to the calculated error value in order to carry out the ‘variation detection of the entire behavior item’, and judges whether or not the present user's use behavior is abnormal using the variation by individual behavior item in order to carry out the ‘variation detection of individual behavior item’.

4. The abnormality detection part according to claim 2, wherein the second entire use behavior analysis part includes: a detection part for detecting the number of times of service use which detects the number of the present user's service use behaviors; a service use time detection part which detects the present user's service use time; an inquiry part for inquiring the number of times of past service use which loads the profile data stored in the storing part and detects the number of the user's past service use behaviors; a past service use time detection part which loads the profile data stored in the storing part and detects the user's past service use time; and a use behavior analysis part which compares the present service use speed with the past service use speed through regression analysis and judges whether or not the present user's use behavior is normal.

5. The abnormality detection part according to claim 4, wherein the use behavior analysis part includes: a data collection part which collects N-past profile data; a regression line generating part which generates a regression line related with the collected profile data in order to analyze the user's use speed; a normal range setting part which obtains an average residual based on the generated regression line, and sets a normal range of the residual between the present service use speed and the past service use speed; a use speed comparing part which obtains a residual and checks whether or not the residual belongs to the normal range; and a normality judging part which judges the present user's use behavior as normality or abnormality according to whether or not the residual belongs to the normal range.

6. The abnormality detection part according to claim 5, wherein the regression line generating part generates a regression line referring to the following equation:

$$y = a_0 + a_1 x, \qquad a_1 = \frac{n\sum_{i=1}^{n} x_i y_i - \sum_{i=1}^{n} x_i \sum_{i=1}^{n} y_i}{n\sum_{i=1}\,\ldots}$$
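The regression check described in claims 4 to 6, sketched as an added example (not code from the patent or its applicant). It uses the standard least-squares closed form for a_0 and a_1, and assumes x is the number of service uses, y the service use time in seconds, and a normal range of k times the average absolute residual; the function names, k and the sample sessions are constructed for illustration.

```python
from statistics import mean


def fit_line(xs, ys):
    """Ordinary least-squares fit of y = a0 + a1*x (standard closed form)."""
    n = len(xs)
    sx, sy = sum(xs), sum(ys)
    sxy = sum(x * y for x, y in zip(xs, ys))
    sxx = sum(x * x for x in xs)
    denom = n * sxx - sx * sx
    if n < 2 or denom == 0:
        # A vertical or single-point profile cannot define a use speed.
        raise ValueError("need at least two sessions with distinct x values")
    a1 = (n * sxy - sx * sy) / denom
    a0 = (sy - a1 * sx) / n
    return a0, a1


def judge_session(past, present, k=3.0):
    """Compare the present session with the regression line of past sessions.

    past    -- list of (use_count, use_seconds) from the stored profile
    present -- (use_count, use_seconds) of the current connection
    k       -- assumed tolerance: the normal range is k * average residual
    """
    xs, ys = zip(*past)
    a0, a1 = fit_line(xs, ys)
    # Average absolute residual of the past sessions around the line.
    avg_residual = mean(abs(y - (a0 + a1 * x)) for x, y in past)
    x, y = present
    residual = y - (a0 + a1 * x)
    return {
        "a0": a0,
        "a1": a1,
        "avg_residual": avg_residual,
        "residual": residual,
        "normal": abs(residual) <= k * avg_residual,
    }


# Constructed profile: five past sessions of one user, roughly 5 s per request.
PAST = [(10, 52.0), (20, 98.0), (30, 151.0), (40, 203.0), (50, 246.0)]

if __name__ == "__main__":
    print(judge_session(PAST, (35, 176.0)))  # human-paced session
    print(judge_session(PAST, (35, 20.0)))   # 35 requests in 20 s
```

A session that issues the same number of requests in far less time than the profile predicts produces a large negative residual and is judged abnormal, which is the case the second analysis is meant to catch after the first analysis returns suspicion.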
Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title
Event detection, e.g. attack signature detection · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
Gesture-dependent or behaviour-dependent · CPC title
Detection or prevention of fraud · CPC title