• DocumentCode
    3248545
  • Title

    Investigative profiling with computer forensic log data and association rules

  • Author

    Abraham, Tamas ; De Vel, Olivier

  • Author_Institution
    Inf. Networks Div., Defence Sci. & Technol. Organ., Edinburgh, SA, Australia
  • fYear
    2002
  • fDate
    2002
  • Firstpage
    11
  • Lastpage
    18
  • Abstract
    Investigative profiling is an important activity in computer forensics that can narrow the search for one or more computer perpetrators. Data mining is a technique that has produced good results in providing insight into large volumes of data. This paper describes how the association rule data mining technique may be employed to generate profiles from log data and the methodology used for the interpretation of the resulting rule sets. The process relies on background knowledge in the form of concept hierarchies and beliefs, commonly available from, or attainable by, the computer forensic investigative team. Results obtained with the profiling system have identified irregularities in computer logs.
  • Keywords
    computer crime; data mining; computer forensics; computer logs; computer perpetrators; investigative profiling; profiling system; Aggregates; Application software; Association rules; Australia; Collaboration; Computer networks; Forensics; Web pages
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Data Mining, 2002. ICDM 2003. Proceedings. 2002 IEEE International Conference on
  • Print_ISBN
    0-7695-1754-4
  • Type

    conf

  • DOI
    10.1109/ICDM.2002.1183880
  • Filename
    1183880