Adaptive real-time anomaly detection using inductively generated sequential patterns

3 Author(s)
Teng, H.S. ; Digital Equipment Corp., Marlboro, MA, USA ; Chen, K. ; Lu, S.C.

A time-based inductive learning approach to the problem of real-time anomaly detection is described. This approach uses sequential rules that characterize a user's behavior over time. A rulebase is used to store patterns of user activities, and anomalies are reported whenever a user's activity deviates significantly from those specified in the rules. The rules in the rulebase characterize either the sequential relationships between security audit records or the temporal properties of the records. The rules are created in two ways: they are either dynamically generated and modified by a time-based inductive engine in order to adapt to changes in a user's behavior, or they are specified by the security management to implement a site security policy. This approach allows the correlation between adjacent security events to be exploited for the purpose of greater sensitivity in anomaly detection against seemingly intractable (or erratic) activities using statistical approaches. Real-time detection of anomaly activities is possible

Published in:

Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on

Date of Conference:

7-9 May 1990