
Clustering of Windows Security Events by Means of Frequent Pattern Mining

  • Conference paper

Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 63))

Abstract

This paper summarizes the results of applying data mining techniques to detect the usual behaviours in the use of computers. To this end, two different clustering strategies have been developed on the basis of real security event logs. On the one hand, clustering has been carried out on the characteristics that define the events in a quantitative way. On the other hand, an approach based on qualitative aspects has been developed, mainly on the interruptions among security events. Both approaches have proved effective and complementary for clustering security audit trails of Windows systems and extracting useful behaviour patterns.
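The qualitative strategy described in the abstract groups events by the frequent patterns they share rather than by numeric features. The following is an added example, not code from the paper or its authors: it treats each Windows Security event as a transaction of attribute name-value pairs, mines the frequent itemsets with a plain Apriori-style enumeration (an assumption; the paper's exact algorithm is not given on this page), keeps only the maximal ones, and assigns every event to the largest maximal pattern it contains. The event records, field names and minimum support are constructed for illustration.

```python
from itertools import combinations
from collections import Counter, defaultdict

# Constructed sample of Windows Security event records (not real audit data).
# Each record is a dict of attribute name -> value, as one would export from
# the Security log (Event ID, logon type, account, workstation).
EVENTS = [
    {"EventID": "4624", "LogonType": "2", "Account": "alice", "Workstation": "WS01"},
    {"EventID": "4624", "LogonType": "2", "Account": "alice", "Workstation": "WS01"},
    {"EventID": "4634", "LogonType": "2", "Account": "alice", "Workstation": "WS01"},
    {"EventID": "4624", "LogonType": "3", "Account": "svc_backup", "Workstation": "FS01"},
    {"EventID": "4624", "LogonType": "3", "Account": "svc_backup", "Workstation": "FS01"},
    {"EventID": "4624", "LogonType": "3", "Account": "svc_backup", "Workstation": "FS01"},
    {"EventID": "4625", "LogonType": "10", "Account": "admin", "Workstation": "WS07"},
    {"EventID": "4625", "LogonType": "10", "Account": "admin", "Workstation": "WS07"},
    {"EventID": "4625", "LogonType": "10", "Account": "guest", "Workstation": "WS07"},
    {"EventID": "4672", "LogonType": "-", "Account": "admin", "Workstation": "DC01"},
]


def to_transaction(event):
    """Turn one event into a set of (attribute, value) items."""
    return frozenset(event.items())


def frequent_itemsets(transactions, min_support):
    """Apriori-style enumeration of every itemset whose support count is
    at least min_support. Returns {itemset: support_count}."""
    freq = {}
    counts = Counter(item for t in transactions for item in t)
    current = {frozenset([i]) for i, c in counts.items() if c >= min_support}
    for s in current:
        freq[s] = counts[next(iter(s))]
    k = 2
    while current:
        # Join pairs of frequent (k-1)-itemsets that differ in one item and
        # prune candidates that have an infrequent (k-1)-subset.
        candidates = set()
        for a, b in combinations(list(current), 2):
            u = a | b
            if len(u) == k and all(frozenset(sub) in current
                                   for sub in combinations(u, k - 1)):
                candidates.add(u)
        counts = Counter()
        for t in transactions:
            for c in candidates:
                if c <= t:
                    counts[c] += 1
        current = {c for c, n in counts.items() if n >= min_support}
        for c in current:
            freq[c] = counts[c]
        k += 1
    return freq


def maximal_itemsets(freq):
    """Keep only itemsets that are not a proper subset of another frequent one."""
    return {s: n for s, n in freq.items() if not any(s < other for other in freq)}


def cluster_events(events, min_support):
    """Assign each event (by index) to the largest maximal frequent pattern it
    contains; ties are broken by support. Events matching no pattern land in
    the 'outlier' cluster, which is where a rare, possibly suspicious
    combination of attributes ends up."""
    transactions = [to_transaction(e) for e in events]
    maximal = maximal_itemsets(frequent_itemsets(transactions, min_support))
    clusters = defaultdict(list)
    for idx, t in enumerate(transactions):
        matches = [p for p in maximal if p <= t]
        if matches:
            best = max(matches, key=lambda p: (len(p), maximal[p]))
            clusters[best].append(idx)
        else:
            clusters["outlier"].append(idx)
    return dict(clusters)


if __name__ == "__main__":
    for pattern, members in cluster_events(EVENTS, 3).items():
        label = pattern if pattern == "outlier" else dict(pattern)
        print(label, "->", members)
```

With the constructed data and a minimum support of 3, the three recurring behaviours (interactive logon activity of alice on WS01, network logons of svc_backup on FS01, remote-interactive failures on WS07) each form one cluster, while the privilege-assignment event on DC01 is only covered by the single-item pattern Account=admin. Raising the support to 4 leaves EventID=4624 as the only frequent item, and everything else drops into the outlier cluster, which illustrates why the support threshold has to be tuned against the log volume.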



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Basagoiti, R., Zurutuza, U., Aztiria, A., Santafé, G., Reyes, M. (2009). Clustering of Windows Security Events by Means of Frequent Pattern Mining. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04091-7_3

  • DOI: https://doi.org/10.1007/978-3-642-04091-7_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04090-0

  • Online ISBN: 978-3-642-04091-7

  • eBook Packages: Engineering
