مرکز منطقه ای اطلاع رساني علوم و فناوري - Investigative profiling with computer forensic log data and association rules

DocumentCode :

3248545

Title :

Investigative profiling with computer forensic log data and association rules

Author :

Abraham, Tamas ; De Vel, Olivier

Author_Institution :

Inf. Networks Div., Defence Sci. & Technol. Organ., Edinburgh, SA, Australia

fYear :

2002

fDate :

2002

Firstpage :

Lastpage :

Abstract :

Investigative profiling is an important activity in computer forensics that can narrow the search for one or more computer perpetrators. Data mining is a technique that has produced good results in providing insight into large volumes of data. This paper describes how the association rule data mining technique may be employed to generate profiles from log data and the methodology used for the interpretation of the resulting rule sets. The process relies on background knowledge in the form of concept hierarchies and beliefs, commonly available from, or attainable by, the computer forensic investigative team. Results obtained with the profiling system has identified irregularities in computer logs.

Keywords :

computer crime; data mining; computer crime; computer forensics; computer logs; computer perpetrators; data mining; investigative profiling; profiling system; Aggregates; Application software; Association rules; Australia; Collaboration; Computer crime; Computer networks; Data mining; Forensics; Web pages;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Data Mining, 2002. ICDM 2003. Proceedings. 2002 IEEE International Conference on

Print_ISBN :

0-7695-1754-4

Type :

conf

DOI :

10.1109/ICDM.2002.1183880

Filename :

1183880

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=3248545