Recently, association rules have been used to generate profiles of "normal" behavior for anomaly detection. However, the time factor (especially in terms of multiple time granularities) has not been utilized extensively in the generation of these profiles. In reality, user behavior during different time intervals may be very different. For example, the "normal" number and duration of FTP connections may vary from working hours to midnight, and from business day to weekend or holiday. Furthermore, these variations may depend on the day of the month or the week. This paper proposes to build profiles using temporal association rules in terms of multiple time granularities, and describes algorithms to discover these profiles. Because multiple time granularities are used for the profile generation, the proposed method is more flexible and precise than previous methods that use a fixed partition of time intervals. Finally, the paper describes an experiment and its preliminary result on TCP-dump data.