BIRCH: an efficient data clustering method for very large databases
SIGMOD '96 Proceedings of the 1996 ACM SIGMOD international conference on Management of data
Incremental Clustering for Mining in a Data Warehousing Environment
VLDB '98 Proceedings of the 24rd International Conference on Very Large Data Bases
Anomaly intrusion detection by clustering transactional audit streams in a host computer
Information Sciences: an International Journal
Detecting anomalous network traffic with combined fuzzy-based approaches
ICIC'05 Proceedings of the 2005 international conference on Advances in Intelligent Computing - Volume Part II
Hi-index | 0.01 |
Although conventional clustering algorithms have been used to classify data objects in a data set into the groups of similar data objects based on data similarity, they can be employed to extract the common knowledge i.e. properties of similar data objects commonly appearing in a set of transactions. The common knowledge of the activities in the transactions of a user is represented by the occurrence frequency of similar activities by the unit of a transaction as well as the repetitive ratio of similar activities in each transaction. This paper proposes an optimized clustering method for modeling the normal pattern of a user's activities. Furthermore, it also addresses how to determine the optimal values of clustering parameters for a user as well as how to maintain identified common knowledge as a concise profile. As a result, it can be used to detect any anomalous behavior in an online transaction of the user.