Security audit trail analysis using inductively generated predictive rules
Proceedings of the sixth conference on Artificial intelligence applications
Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Maintaining knowledge about temporal intervals
Communications of the ACM
Learning Program Behavior Profiles for Intrusion Detection
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Misuse detection for information retrieval systems
CIKM '03 Proceedings of the twelfth international conference on Information and knowledge management
Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method
Journal of Systems and Software
Hi-index | 0.00 |
For the last decade an explosive spread of computer systems and computer networks has resulted in a society that is increasingly dependent on information stored on these systems. A computer system connected to the network is accessible from another computer in this network regardless of its geographical position. Along with providing many benefits for legitimate users this technology creates almost unlimited opportunities for malicious persons, which using software vulnerabilities may successfully penetrate the networked computer systems. In order to eliminate potential devastating consequences caused by breaches in computer systems, more and more attention is drawn to the information security problems. However, despite these efforts, the occurrences of the security violations in the computer networks became increasingly frequent. In this paper we discuss an approach to detect the intrusions. Being able to accurately recognize its legitimate users a system may effectively detect masqueraders. The paper particularly focuses on the question of temporal pattern extraction from user behavior and shows that sequential patterns are not the only ones that may be found in user events sequences. There are also temporal patterns present in user behavior, which together with sequential may be used for efficient user recognition.