With the increasing complexity and dynamics of database and information systems, it becomes more and more difficult for administrative personnel to identify, specify and enforce security policies that govern against the misuse of data. Often security policies are not known, too imprecise or simply have been disabled because of changing requirements. Recently several proposals have been made to use data mining techniques to discover profiles and anomalous user behavior from audit logs. These approaches, however, are often too fine-grained in that they compute too many rules to be useful for an administrator in implementing appropriate security enforcing mechanisms. In this paper we present a novel approach to discover security policies from audit logs. The approach is based on the usage of multiple concept hierarchies that specify properties of objects at different levels of abstraction and thus can embed useful domain knowledge. A profiler, attached to the information system's auditing ...
Christina Yip Chung, Michael Gertz, Karl N. Levitt