Enhancing Profiles for Anomaly Detection Using Time Granularities
Recently, association rules have been used to generate profiles of normal behavior for anomaly detection. However, the time factor (especially in terms of multiple time granularities) has not been utilized extensively in generation of these profiles. In reality, user behavior during different time i...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2002
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/161 https://ink.library.smu.edu.sg/context/sis_research/article/1160/viewcontent/Enhancing_profiles_for_anomaly_detection_using_time_granularities_2000_pp.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-1160 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-11602018-06-29T08:40:21Z Enhancing Profiles for Anomaly Detection Using Time Granularities LI, Yingjiu WU, Ningning WANG, X. Sean JAJODIA, Sushil Recently, association rules have been used to generate profiles of normal behavior for anomaly detection. However, the time factor (especially in terms of multiple time granularities) has not been utilized extensively in generation of these profiles. In reality, user behavior during different time intervals may be very different. For example, the normal number and duration of FTP connections may vary from working hours to midnight, from business day to weekend or holiday. Furthermore, these variations may depend on the day of the month or the week. This paper proposes to build profiles using temporal association rules in terms of multiple time granularities, and describes algorithms to discover these profiles. Because multiple time granularities are used for the profile generation, the proposed method is more flexible and precise than previous methods that use fixed partition of time intervals. Finally, the paper describes an experiment and its preliminary result on TCP-dump data. 2002-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/161 info:doi/10.3233/JCS-2002-101-206 https://ink.library.smu.edu.sg/context/sis_research/article/1160/viewcontent/Enhancing_profiles_for_anomaly_detection_using_time_granularities_2000_pp.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security LI, Yingjiu WU, Ningning WANG, X. Sean JAJODIA, Sushil Enhancing Profiles for Anomaly Detection Using Time Granularities |
| description |
Recently, association rules have been used to generate profiles of normal behavior for anomaly detection. However, the time factor (especially in terms of multiple time granularities) has not been utilized extensively in generation of these profiles. In reality, user behavior during different time intervals may be very different. For example, the normal number and duration of FTP connections may vary from working hours to midnight, from business day to weekend or holiday. Furthermore, these variations may depend on the day of the month or the week. This paper proposes to build profiles using temporal association rules in terms of multiple time granularities, and describes algorithms to discover these profiles. Because multiple time granularities are used for the profile generation, the proposed method is more flexible and precise than previous methods that use fixed partition of time intervals. Finally, the paper describes an experiment and its preliminary result on TCP-dump data. |
| format |
text |
| author |
LI, Yingjiu WU, Ningning WANG, X. Sean JAJODIA, Sushil |
| author_facet |
LI, Yingjiu WU, Ningning WANG, X. Sean JAJODIA, Sushil |
| author_sort |
LI, Yingjiu |
| title |
Enhancing Profiles for Anomaly Detection Using Time Granularities |
| title_short |
Enhancing Profiles for Anomaly Detection Using Time Granularities |
| title_full |
Enhancing Profiles for Anomaly Detection Using Time Granularities |
| title_fullStr |
Enhancing Profiles for Anomaly Detection Using Time Granularities |
| title_full_unstemmed |
Enhancing Profiles for Anomaly Detection Using Time Granularities |
| title_sort |
enhancing profiles for anomaly detection using time granularities |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2002 |
| url |
https://ink.library.smu.edu.sg/sis_research/161 https://ink.library.smu.edu.sg/context/sis_research/article/1160/viewcontent/Enhancing_profiles_for_anomaly_detection_using_time_granularities_2000_pp.pdf |
| _version_ |
1770568906846502912 |