TY - GEN
T1 - Anomaly detection over clustering multi-dimensional transactional audit streams
AU - Nam, Hun Park
AU - Won, Suk Lee
PY - 2008
Y1 - 2008
N2 - In anomaly detection, one important issue how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior from the activities of a user, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes an anomaly detection method that continuously models the normal behavior of a user over the multi-dimensional audit data stream. Each cluster represents the frequent range of the activities with respect to a set of features. As a result, without physically maintaining any historical activity of a user, the new activities of the user can be continuously reflected onto the on-going result. At the same time, various statistics of the activities related to the identified clusters are additionally modeled to improve the performance of anomaly detection. The proposed algorithm is analyzed by a series of experiments to identify various characteristics.
AB - In anomaly detection, one important issue how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior from the activities of a user, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes an anomaly detection method that continuously models the normal behavior of a user over the multi-dimensional audit data stream. Each cluster represents the frequent range of the activities with respect to a set of features. As a result, without physically maintaining any historical activity of a user, the new activities of the user can be continuously reflected onto the on-going result. At the same time, various statistics of the activities related to the identified clusters are additionally modeled to improve the performance of anomaly detection. The proposed algorithm is analyzed by a series of experiments to identify various characteristics.
UR - http://www.scopus.com/inward/record.url?scp=52249121580&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=52249121580&partnerID=8YFLogxK
U2 - 10.1109/IWSCA.2008.17
DO - 10.1109/IWSCA.2008.17
M3 - Conference contribution
AN - SCOPUS:52249121580
SN - 9780769533179
T3 - Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008
SP - 78
EP - 80
BT - Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008
T2 - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008
Y2 - 10 July 2008 through 11 July 2008
ER -