Skip to main content
SpringerLink
Log in

Learning Temporal Regularities of User Behavior for Anomaly Detection

  • Conference paper
  • First Online:
Information Assurance in Computer Networks (MMM-ACNS 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2052))

Abstract

Fast expansion of inexpensive computers and computer networks has dramatically increased number of computer security incidents during last years. While quite many computer systems are still vulnerable to numerous attacks, intrusion detection has become vitally important as a response to constantly increasing number of threats. In this paper we discuss an approach to discover temporal and sequential regularities in user behavior. We present an algorithm that allows creating and maintaining user profiles relying not only on sequential information but taking into account temporal features, such as events’ lengths and possible temporal relations between them. The constructed profiles represent peculiarities of users’ behavior and used to decide whether a behavior of a certain user is normal or abnormal.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lunt, T. and Tamaru, A. and Gilham, F. and Jagannathan, R. and Neumann, P. and Javitz, H. and Valdes, A. and Garvey, T.: A Real-Time Intrusion detection Expert System (IDES) — Final Technical Report. Computer Science Laboratory, SRI International, Technical (1992)

    Google Scholar 

  2. Smaha, S.: Tools for Misuse Detection. ISSA’93, Crystal City, VA (1993)

    Google Scholar 

  3. Seleznyov, A. and Puuronen, S.: Anomaly Intrusion Detection Systems: Handling Temporal Relations between Events. 2nd International Workshop on Recent Advances in Intrusion Detection, Lafayette, Indiana, USA (1999)

    Google Scholar 

  4. Seleznyov, A. and Puuronen, S.: HIDSUR: A Hybrid Intrusion Detection System based on Real-time User Recognition. 11th International Workshop on Database and Expert Systems Applications, Greenwich-London, England (2000)

    Google Scholar 

  5. Allen, J.: Maintaining Knowledge About Temporal Intervals. Communications of the ACM, 26, (1983) 832–843

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science and Information Systems Department, University of Jyväskylä, P.O. Box35, FIN-40351, Jyväskylä, Finland

    Alexandr Seleznyov, Oleksiy Mazhelis & Seppo Puuronen

Authors
  1. Alexandr Seleznyov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Oleksiy Mazhelis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Seppo Puuronen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), SPIIRAS, 39, 14th Liniya, St. Petersburg, Russia, 199178

    Vladimir I. Gorodetski

  2. Watson Schoolof Engineering, Binghamton University, Binghamton, NY, 13902, USA

    Victor A. Skormin

  3. Air Force Research Laboratory, Defensive Information Warfare Branch, 525 Brooks Road, Rome, NY, 13441-4505, Italy

    Leonard J. Popyack

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Seleznyov, A., Mazhelis, O., Puuronen, S. (2001). Learning Temporal Regularities of User Behavior for Anomaly Detection. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_16

Download citation

  • DOI: https://doi.org/10.1007/3-540-45116-1_16

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42103-0

  • Online ISBN: 978-3-540-45116-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation