Automated Anomaly Detection Using Time-Variant Normal Profiling

Author

Kim, Jung Yeop ; Gantenbein, Rex E.

Author_Institution

Utica Coll., Utica

fYear

2006

fDate

24-26 July 2006

Firstpage

1

Lastpage

4

Abstract

Anomaly detection provides automated detection of unauthorized intrusion into a computer system by creating a normal profile of the system\´s behavior, then raising an alert when the system\´s behavior does not fit the system\´s normal profile. Approaches to anomaly detection that focus on investigating user\´s behavior typically assume that a user\´s command sequences will not vary significantly over time and so tend to flag "unusual" but safe activities as anomalies. We propose the use of "time-variant normal" user profiles that assume a user will change activities over time. The approach combines string-matching algorithms from machine intelligence and sequence alignment algorithms from biomedical informatics to dynamically evaluate user behavior.

Keywords

artificial intelligence; security of data; string matching; automated anomaly detection; biomedical informatics; computer system; machine intelligence; sequence alignment algorithm; string-matching algorithm; time-variant normal profiling; unauthorized intrusion detection; Automation; Biomedical computing; Biomedical informatics; Change detection algorithms; Computerized monitoring; Condition monitoring; Educational institutions; Intrusion detection; Machine intelligence; Protection; Security; anomaly detection; automated systems; intrusion detection; pattern matching;

fLanguage

English

Publisher

ieee

Conference_Titel

Automation Congress, 2006. WAC '06. World

Conference_Location

Budapest

Print_ISBN

1-889335-33-9

Type

conf

DOI

10.1109/WAC.2006.376026

Filename

4259942