Abstract
The problem of user behavior modeling arises in many fields of computer science and software engineering. In this paper we investigate a data mining approach for learning probabilistic user behavior models from database usage logs. We propose a procedure for translating database traces into a representation suitable for applying data mining methods. However, most existing data mining methods rely on the order of actions and ignore the time intervals between actions. To avoid this problem we propose a novel method based on a combination of a decision tree classification algorithm and an empirical time-dependent feature map, motivated by potential functions theory. The performance of the proposed method was experimentally evaluated on real-world data. The comparison with existing state-of-the-art data mining methods has confirmed the outstanding performance of our method in predictive user behavior modeling and has demonstrated competitive results in anomaly detection.
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Petrovskiy, M. (2008). A Data Mining Approach to Learning Probabilistic User Behavior Models from Database Access Log. In: Filipe, J., Shishkov, B., Helfert, M. (eds) Software and Data Technologies. ICSOFT 2006. Communications in Computer and Information Science, vol 10. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70621-2_26
DOI: https://doi.org/10.1007/978-3-540-70621-2_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70619-9
Online ISBN: 978-3-540-70621-2
eBook Packages: Computer Science, Computer Science (R0)