Abstract
Data mining algorithms have been applied to investigate a wide range of research issues recently. In this paper we describe an alternative technique of profiling databases via time series analysis to detect anomalous changes to a database. We view the history of modifications in the database as a set of time series sequences. We then examine the application of Hidden Markov models (HMMs)as a mining tool to capture the normal trend of a database’s changes in transactions. Rather than examining each record independently, our technique accounts for the existence of relations among groups of records, and validates modifications to the sequence of transactions. The algorithm is adaptive to changes in behavior. Experiments with real data-sets, comparing various options for the initial HMM parameters, demonstrate that the distribution of the change in acceptance probabilities of anomalous values is significantly different from that of acceptance of transactions expected by the model.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
Chapter PDF
Similar content being viewed by others
Keywords
- Hide Markov Model
- Acceptance Probability
- Application Security
- Database Transaction
- Hide Markov Model Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
W. Aref, P. Vallabhaneni and D. Barbara, On training hidden Markov models for recognizing handwritten text, Proceedings of the Fourth International Workshop on the Frontiers of Handwriting Recognition, 1994.
G. Box, G. Jenkins and G. Reinsel, Time Series Analysis: Forecasting and Control, Prentice Hall, 1994.
G. Das, K. Lin, H. Mannila, G. Renganathan and P. Smyth, Rule discovery from time series, Proceedings of the International Conference on Knowledge Discovery and Data Mining, 1998.
B. Davidson and H. Hirsh, Predicting sequence of user actions, Proceedings of the AAAI/ICML Workshop on Predicting the Future: AI Approaches to Time-Series Analysis, pp. 5–12, 1998.
D. DeCoste, Mining multivariate time-series sensor data to discover behavior envelopes, Proceedings of the International Conference on Knowledge Discovery and Data Mining, pp. 151–154, 1997.
T. Fawcett and F. Provost, Adaptive fraud detection, Data Mining and Knowledge Discovery, pp. 177–181, 1997.
T. Fawcett and F. Provost, Activity monitoring: Noticing interesting changes in behavior, Proceedings of the International Conference on Knowledge Discovery and Data Mining, pp. 53–62, 1999.
H. Jagadish, J. Madar and R. Ng, Semantic compression and pattern extraction with fascicles, Proceedings of the Twenty-Fifth VLDB Conference, pp. 186–198, 1999.
S. Jajodia, P. Amman and C. McCollum, Surviving information warfare attacks, IEEE Computer, pp. 57–63, 1999.
A. Kokkinaki, On atypical database transactions: Identification of probable frauds using machine learning for user profiling, Proceedings of the Knowledge and Data Engineering Exchange Workshop, pp. 107–113, 1997.
T. Lane, Hidden Markov models for human/computer interface modeling, Proceedings of the IJCAI-99 Workshop on Learning about Users, pp. 3544, 1999.
J. Lee, R. McCartney and E. Santos, Learning and predicting user behavior for particular resource use, Proceedings of the Fourteenth International FLAIRS Conference, pp. 177–181, 2001.
L. Rabiner, A tutorial on hidden Markov models and selected applications in speech recognition, Proceedings of the IEEE, pp. 257–285, 1989.
P. Smyth, Hidden Markov monitoring for fault detection in dynamic systems, Pattern Recognition, pp. 149–164, 1994.
P. Smyth, Markov monitoring in unkown states, IEEE Journal on Selected Areas in Communications, pp. 1600–1612, 1994.
C. Warrender, S. Forrest and B. Pearlmutter, Detecting intrusions using system calls: Alternative data models, Proceedings of the IEEE Symposium on Security and Privacy, pp. 133–145, 1999.
B. Yi, N. Sidiropoulos, T. Johnson, H. Jagadish, C. Faloutsos and A. Biliris, Online data mining for co-evolving time sequence, Proceedings of the IEEE International Conference on Data Engineering, pp. 13–22, 2000.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Barbará, D., Goel, R., Jajodia, S. (2003). Mining Malicious Corruption of Data with Hidden Markov Models. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_14
Download citation
DOI: https://doi.org/10.1007/978-0-387-35697-6_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6
eBook Packages: Springer Book Archive