Anomaly detection over clustering multi-dimensional transactional audit streams

Hun Park Nam, Suk Lee Won

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

In anomaly detection, one important issue how to model the normal behavior of activities performed by a user is an important issue. To extract the normal behavior from the activities of a user, conventional data mining techniques are widely applied to a finite audit data set. However, these approaches can only model the static behavior of a user in the audit data set. This drawback can be overcome by viewing the continuous activities of a user as an audit data stream. This paper proposes an anomaly detection method that continuously models the normal behavior of a user over the multi-dimensional audit data stream. Each cluster represents the frequent range of the activities with respect to a set of features. As a result, without physically maintaining any historical activity of a user, the new activities of the user can be continuously reflected onto the on-going result. At the same time, various statistics of the activities related to the identified clusters are additionally modeled to improve the performance of anomaly detection. The proposed algorithm is analyzed by a series of experiments to identify various characteristics.

Original languageEnglish
Title of host publicationProceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008
Pages78-80
Number of pages3
DOIs
Publication statusPublished - 2008
Event1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008 - Incheon, Korea, Republic of
Duration: 2008 Jul 102008 Jul 11

Publication series

NameProceedings - 1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008

Other

Other1st IEEE International Workshop on Semantic Computing and Applications, IWSCA 2008
CountryKorea, Republic of
CityIncheon
Period08/7/1008/7/11

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Anomaly detection over clustering multi-dimensional transactional audit streams'. Together they form a unique fingerprint.

Cite this