Abstract In Electric Management Information System (MIS), there are some users who do not comply with all operation/behavior regulations and make the similar mistakes continuously even though they are not on purpose. These behaviors are a huge threat to the system security. In this paper, we propose a method to detect these regular behaviors with association rules mining algorithm FP-Growth. First, the user log is separated into operation sets each of which contains user operation in a continuous period. Then we divide the operation sets of all users into two catalogs: normal and abnormal based on if a security problem has happened around the corresponding period of operation set. Next, we apply the FP-Growth algorithm in both normal and abnormal operation sets to generate the frequent patterns. Finally, the abnormal pattern is compared with normal ones to determine the regular behaviors that may be dangerous to the system. We test the proposed algorithm in the user log files generated from a simulated electric management information system. The experiment results indicate the proposed method can effectively detect the regular user behavior that could cause the system security problems.
[1]
Sung Wook Baik,et al.
ARM-AMO: An efficient association rule mining algorithm based on animal migration optimization
,
2018,
Knowl. Based Syst..
[2]
William N. Dilla,et al.
The relationship between internal audit and information security: An exploratory investigation
,
2012,
Int. J. Account. Inf. Syst..
[3]
Kaixiang Peng,et al.
Mining temporal association rules with frequent itemsets tree
,
2018,
Appl. Soft Comput..
[4]
Davide Aloini,et al.
Process-mining-enabled audit of information systems: Methodology and an application
,
2018,
Expert Syst. Appl..