Clustering of Windows Security Events by Means of Frequent Pattern Mining

被引：0

作者：

Basagoiti, Rosa ^{[1
]}

Zurutuza, Urko ^{[1
]}

Aztiria, Asier ^{[1
]}

Santafe, Guzman ^{[2
]}

Reyes, Mario ^{[2
]}

机构：

[1] Mondragon Univ, Arrasate Mondragon, Spain

[2] Grupo S21sec Gestion SA, Orcoyen, Spain

来源：

COMPUTATIONAL INTELLIGENCE IN SECURITY FOR INFORMATION SYSTEMS | 2009年 / 63卷

关键词：

Windows security event analysis; data mining; frequent pattern mining; intrusion detection; anomaly detection;

D O I：

暂无

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

This paper summarizes the results obtained from the application of Data Mining techniques in order to detect usual behaviors in the use of computers. For that, based on real security event logs, two different clustering strategies have been developed. On the one hand, a clustering process has been carried out taking into account the characteristics that define the events in a quantitative way. On the other hand, an approach based on qualitative aspects has been developed, mainly based on the interruptions among security events. Both approaches have shown to be effective and complementary in order to cluster security audit traits of Windows systems and extract useful behavior patterns.

引用

页码：19 / +

页数：3

共 14 条

[1]

Anderson James P., 1980, Computer Security Threat Monitoring and Surveillance

[2] MAFIA: A maximal frequent itemset algorithm [J].

Burdick, D ;

Calimlim, M ;

Flannick, J ;

Gehrke, J ;

Yiu, TM .

IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2005, 17 (11) :1490-1504

[3]

Debar H., 1992, Proceedings. 1992 IEEE Computer Society Symposium on Research in Security and Privacy (Cat. No.92CH3157-5), P240, DOI 10.1109/RISP.1992.213257

[4] AN INTRUSION-DETECTION MODEL [J].