Title :
Adaptive real-time anomaly detection using inductively generated sequential patterns
Author :
Teng, Henry S. ; Chen, Kaihu ; Lu, Stephen C.
Author_Institution :
Digital Equipment Corp., Marlboro, MA, USA
Abstract :
A time-based inductive learning approach to the problem of real-time anomaly detection is described. This approach uses sequential rules that characterize a user´s behavior over time. A rulebase is used to store patterns of user activities, and anomalies are reported whenever a user´s activity deviates significantly from those specified in the rules. The rules in the rulebase characterize either the sequential relationships between security audit records or the temporal properties of the records. The rules are created in two ways: they are either dynamically generated and modified by a time-based inductive engine in order to adapt to changes in a user´s behavior, or they are specified by the security management to implement a site security policy. This approach allows the correlation between adjacent security events to be exploited for the purpose of greater sensitivity in anomaly detection against seemingly intractable (or erratic) activities using statistical approaches. Real-time detection of anomaly activities is possible
Keywords :
real-time systems; security of data; adaptive real-time anomaly detection; inductively generated sequential patterns; real-time detection; sequential rules; temporal properties; time-based inductive engine; Computer security; Data security; Engines; Industrial engineering; Information security; Intelligent systems; Knowledge engineering; Laboratories; Real time systems; Systems engineering and theory;
Conference_Titel :
Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-2060-9
DOI :
10.1109/RISP.1990.63857
