论文信息 - Anomaly Intrusion Detection Systems: Handling Temporal Relations Between Events

Anomaly Intrusion Detection Systems: Handling Temporal Relations Between Events

Lately, many approaches have been developed to discover computer abuse. Some of them use data mining techniques to discover anomalous behavior in audit trail, considering this behavior as an intrusive one. This paper discusses a temporal knowledge representation of users' behavior that is used by data mining tools to construct behavior patterns. These are used to decide whether current behavior follows a certain normal pattern or differs from all known users’ behavior patterns. The representation uses Allen's temporal interval algebra to describe the temporal relations between events caused by the user. Also we discuss how our representation is used to help in the concept drift when the set of training samples is reduced by removing old data which is no more used for classification.

Seppo Puuronen | Alexandr Seleznyov

[1] Simson L. Garfinkel,et al. Practical UNIX Security , 1991 .

[2] R. Lathe. Phd by thesis , 1988, Nature.

[3] Sandeep Kumar,et al. Classification and detection of computer intrusions , 1996 .

[4] Teresa F. Lunt,et al. Knowledge-based intrusion detection , 1989, [1989] Proceedings. The Annual AI Systems in Government Conference.

[5] James F. Allen. Maintaining knowledge about temporal intervals , 1983, CACM.

[6] TWO-WEEK Loan COpy,et al. University of California , 1886, The American journal of dental science.

[7] Richard A. Kemmerer,et al. Penetration state transition analysis: A rule-based intrusion detection approach , 1992, [1992] Proceedings Eighth Annual Computer Security Application Conference.

[8] T. Lane,et al. Sequence Matching and Learning in Anomaly Detection for Computer Security , 1997 .

[9] Eugene H. Spafford,et al. A PATTERN MATCHING MODEL FOR MISUSE INTRUSION DETECTION , 1994 .

[10] Henry A. Kautz,et al. Integrating Metric and Qualitative Temporal Reasoning , 1991, AAAI.

[11] James F. Allen,et al. Actions and Events in Interval Temporal Logic , 1994, J. Log. Comput..

[12] J. C. Schlimmer,et al. Concept acquisition through representational adjustment , 1987 .

[13] Ramez Elmasri,et al. The Consensus Glossary of Temporal Database Concepts - February 1998 Version , 1997, Temporal Databases, Dagstuhl.