S.H. Oh and W.S. Lee (Korea)
Clustering, Anomaly Intrusion Detection, User Profiling
In this paper, a new clustering algorithm for modeling the normal behavior of a user’s activities is proposed. Since clustering can identify an arbitrary number of dense ranges in an analysis domain, it can eliminate the inaccuracy caused by statistical analysis. Consequently, it can model the frequent activities of a user more accurately than the statistical analysis. The common knowledge of activities in the transactions of a user is represented by the occurrence frequency of similar activities by the unit of a transaction as well as the repetitive ratio of similar activities in each transaction. Furthermore, the proposed method also addresses how to maintain identified common knowledge as a concise profile, so that it can be used to detect any anomalous behavior in an online transaction.
Important Links:
Go Back
