Sciweavers

RAID
1999
Springer

Anomaly Intrusion Detection Systems: Handling Temporal Relations Between Events

14 years 4 months ago
Anomaly Intrusion Detection Systems: Handling Temporal Relations Between Events
Lately, many approaches have been developed to discover computer abuse. Some of them use data mining techniques to discover anomalous behavior in audit trail, considering this behavior as an intrusive one. This paper discusses a temporal knowledge representation of users' behavior that is used by data mining tools to construct behavior patterns. These are used to decide whether current behavior follows a certain normal pattern or differs from all known users’ behavior patterns. The representation uses Allen's temporal interval algebra to describe the temporal relations between events caused by the user. Also we discuss how our representation is used to help in the concept drift when the set of training samples is reduced by removing old data which is no more used for classification.
Alexandr Seleznyov, Seppo Puuronen
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where RAID
Authors Alexandr Seleznyov, Seppo Puuronen
Comments (0)