Anomaly detection over clustering multi-dimensional transactional audit streams

Hun Park Nam, Suk Lee Won

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

In anomaly detection, an important issue is how to model the normal behavior of the activities performed by a user. To extract the normal behavior from the activities of a user, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes an anomaly detection method that continuously models the normal behavior of a user over the multi-dimensional audit data stream. Each cluster represents the frequent range of the activities with respect to a set of features. As a result, without physically maintaining any historical activity of a user, the new activities of the user can be continuously reflected onto the on-going result. At the same time, various statistics of the activities related to the identified clusters are additionally modeled to improve the performance of anomaly detection. The proposed algorithm is analyzed by a series of experiments to identify various characteristics.

Original language: English
Title of host publication: Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008
Pages: 78-80
Number of pages: 3
DOI: https://doi.org/10.1109/IWSCA.2008.17
Publication status: Published - 2008 Sep 26
Event: 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008 - Incheon, Korea, Republic of
Duration: 2008 Jul 10 → 2008 Jul 11

Publication series

Name: Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008

Other

Other: 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008
Country: Korea, Republic of
City: Incheon
Period: 08/7/10 → 08/7/11

Fingerprint

Data mining
Statistics
Experiments

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Science Applications

Cite this

Nam, H. P., & Won, S. L. (2008). Anomaly detection over clustering multi-dimensional transactional audit streams. In Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008 (pp. 78-80). [4573154] (Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008). https://doi.org/10.1109/IWSCA.2008.17
@inproceedings{a4f1d51f389546dc8928cc3fd8f31cb2,
title = "Anomaly detection over clustering multi-dimensional transactional audit streams",
author = "Nam, {Hun Park} and Won, {Suk Lee}",
year = "2008",
month = "9",
day = "26",
doi = "10.1109/IWSCA.2008.17",
language = "English",
isbn = "9780769533179",
series = "Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008",
pages = "78--80",
booktitle = "Proceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008",

}
