Learning temporal patterns for anomaly intrusion detection

Quantified Score

Visualization

Abstract

For the last decade an explosive spread of computer systems and computer networks has resulted in a society that is increasingly dependent on information stored on these systems. A computer system connected to the network is accessible from another computer in this network regardless of its geographical position. Along with providing many benefits for legitimate users this technology creates almost unlimited opportunities for malicious persons, which using software vulnerabilities may successfully penetrate the networked computer systems. In order to eliminate potential devastating consequences caused by breaches in computer systems, more and more attention is drawn to the information security problems. However, despite these efforts, the occurrences of the security violations in the computer networks became increasingly frequent. In this paper we discuss an approach to detect the intrusions. Being able to accurately recognize its legitimate users a system may effectively detect masqueraders. The paper particularly focuses on the question of temporal pattern extraction from user behavior and shows that sequential patterns are not the only ones that may be found in user events sequences. There are also temporal patterns present in user behavior, which together with sequential may be used for efficient user recognition.