Abstract
This paper summarizes the results obtained from applying Data Mining techniques to detect usual behaviors in the use of computers. For that purpose, two different clustering strategies have been developed on the basis of real security event logs. On the one hand, a clustering process has been carried out taking into account the characteristics that define the events in a quantitative way. On the other hand, an approach based on qualitative aspects has been developed, mainly based on the interrelations among security events. Both approaches have shown to be effective and complementary for clustering security audit trails of Windows systems and extracting useful behavior patterns.
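The qualitative approach described in the abstract mines patterns among security events rather than numeric features. The following is an added example, not code from the paper: it turns a few constructed Windows Security log records into per-session transactions of event IDs, mines frequent and maximal itemsets with a small Apriori-style miner, and then reports the sessions that no mined pattern covers. The log format (`timestamp,event_id,user,host`), the day-based sessionization, the use of Apriori instead of the paper's own mining algorithm, and the event IDs themselves (Vista-and-later Security log IDs such as 4624 and 4688, not the IDs of the systems studied in 2009) are all assumptions made for this example.

```python
"""Mining behaviour patterns from Windows Security event records.

Added example, not code from the paper: groups per-session event IDs into
transactions and mines frequent / maximal itemsets (Apriori style).
"""
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample log: "timestamp,event_id,user,host". The event IDs are
# Windows Security log IDs: 4624 logon, 4672 special privileges assigned,
# 4688 process created, 4634 logoff, 4625 failed logon, 4720 account created.
SAMPLE_LOG = """\
2009-03-02T08:00:01,4624,alice,WS01
2009-03-02T08:00:01,4672,alice,WS01
2009-03-02T08:00:05,4688,alice,WS01
2009-03-02T17:01:10,4634,alice,WS01
2009-03-02T08:10:00,4624,bob,WS02
2009-03-02T08:10:02,4688,bob,WS02
2009-03-02T16:30:00,4634,bob,WS02
2009-03-03T08:05:00,4624,alice,WS01
2009-03-03T08:05:00,4672,alice,WS01
2009-03-03T08:05:09,4688,alice,WS01
2009-03-03T17:20:00,4634,alice,WS01
2009-03-03T08:12:00,4624,bob,WS02
2009-03-03T08:12:03,4688,bob,WS02
2009-03-03T16:45:00,4634,bob,WS02
2009-03-03T22:14:00,4625,svc_backup,SRV01
2009-03-03T22:14:05,4625,svc_backup,SRV01
2009-03-03T22:14:09,4624,svc_backup,SRV01
2009-03-03T22:14:30,4720,svc_backup,SRV01
"""


def parse_log(text):
    """Parse 'timestamp,event_id,user,host' lines into record dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, event_id, user, host = line.split(",")
        records.append({"ts": ts, "event_id": int(event_id), "user": user, "host": host})
    return records


def sessions(records):
    """One transaction per (day, user, host): the set of event IDs seen.

    Grouping by calendar day is an assumption of this example; the paper's
    own windowing of the audit trail is not reproduced here.
    """
    groups = defaultdict(set)
    for r in records:
        groups[(r["ts"][:10], r["user"], r["host"])].add(r["event_id"])
    return dict(groups)


def frequent_itemsets(transactions, min_support):
    """Apriori: return {itemset: support fraction} for every frequent itemset.

    Candidates of size k are built from all k-combinations of the items that
    survived level k-1 and pruned unless every (k-1)-subset is frequent. That
    is fine for a few thousand events; real audit trails need a smarter
    candidate generator, which is exactly why the paper uses pattern mining
    algorithms rather than this textbook loop.
    """
    n = len(transactions)
    counts = Counter(frozenset([e]) for t in transactions for e in t)
    level = {s: c for s, c in counts.items() if c / n >= min_support}
    frequent = dict(level)
    k = 2
    while level:
        items = sorted({e for s in level for e in s})
        candidates = {frozenset(c) for c in combinations(items, k)
                      if all(frozenset(sub) in level for sub in combinations(c, k - 1))}
        counts = Counter(c for c in candidates for t in transactions if c <= t)
        level = {s: c for s, c in counts.items() if c / n >= min_support}
        frequent.update(level)
        k += 1
    return {s: c / n for s, c in frequent.items()}


def maximal_itemsets(frequent):
    """Keep only itemsets with no frequent proper superset (maximal patterns)."""
    return {s: sup for s, sup in frequent.items()
            if not any(s < other for other in frequent)}


def uncovered_sessions(transactions, patterns):
    """Sessions matching none of the mined patterns: the ones an analyst reviews."""
    return {key for key, events in transactions.items()
            if not any(p <= events for p in patterns)}


def mine(text=SAMPLE_LOG, min_support=0.6):
    """Run the whole pipeline; returns (sessions, maximal patterns, uncovered)."""
    trans = sessions(parse_log(text))
    freq = frequent_itemsets(list(trans.values()), min_support)
    maximal = maximal_itemsets(freq)
    return trans, maximal, uncovered_sessions(trans, maximal)


if __name__ == "__main__":
    trans, maximal, odd = mine()
    for pattern, sup in sorted(maximal.items(), key=lambda kv: -kv[1]):
        print(sorted(pattern), f"support={sup:.2f}")
    for key in sorted(odd):
        print("no frequent pattern covers", key, sorted(trans[key]))
```

With the default support threshold of 0.6 the only maximal pattern is the ordinary workstation day {4624, 4634, 4688} (logon, process creation, logoff), and the `svc_backup` session on SRV01 (two failed logons, a success, then an account creation) is the one session it does not cover. Lowering the threshold to 0.4 makes the maximal pattern more specific (it now includes 4672), so the bob sessions also become uncovered: support thresholds decide how much of normal activity the patterns describe, which is the caveat to keep in mind before treating "uncovered" as "suspicious".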
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Basagoiti, R., Zurutuza, U., Aztiria, A., Santafé, G., Reyes, M. (2009). Clustering of Windows Security Events by Means of Frequent Pattern Mining. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04091-7_3
DOI: https://doi.org/10.1007/978-3-642-04091-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04090-0
Online ISBN: 978-3-642-04091-7