Title :
Security audit trail analysis using inductively generated predictive rules
Author :
Teng, Henry S. ; Chen, Kaihu ; Lu, Stephen C Y
Author_Institution :
Digital Equipment Corp., Marlboro, MA, USA
Abstract :
A time-based inductive learning approach to security audit trail analysis is presented. The approach uses a time-based inductive engine to generate rule-based sequential patterns that characterize the behavior of a user. The time-based inductive approach substantially increases the discriminating capability of an anomaly detection system due to the added dimension of information given in the sequential relationships between security events. It is shown that the use of rule-based sequential patterns allows a security auditing system to capture characteristics of user behavior that may be otherwise intractable using traditional statistical approaches. The approach also may help security management to focus on a few potentially hostile security events inside an entire user log-in session.
Keywords :
DP management; auditing; computer aided analysis; inference mechanisms; learning systems; security of data; user modelling; anomaly detection system; discriminating capability; hostile security events; inductive engine; inductively generated predictive rules; rule-based sequential patterns; security audit trail analysis; security management; time-based inductive learning; user behaviour characterization; user log-in session; Computer security; Data security; Industrial engineering; Information security; Intelligent systems; Knowledge engineering; Laboratories; Manufacturing automation; Protection; Systems engineering and theory;
Conference_Title :
Artificial Intelligence Applications, 1990., Sixth Conference on
Conference_Location :
Santa Barbara, CA
Print_ISBN :
0-8186-2032-3
DOI :
10.1109/CAIA.1990.89167