Clustering of Windows Security Events by Means of Frequent Pattern Mining

  • Rosa Basagoiti
  • Urko Zurutuza
  • Asier Aztiria
  • Guzmán Santafé
  • Mario Reyes
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 63)


This paper summarizes the results obtained from applying Data Mining techniques to detect usual behaviors in the use of computers. To that end, two different clustering strategies have been developed on the basis of real security event logs. On the one hand, a clustering process has been carried out taking into account the characteristics that define the events in a quantitative way. On the other hand, an approach based on qualitative aspects has been developed, mainly based on the interruptions among security events. Both approaches have proven effective and complementary for clustering security audit trails of Windows systems and extracting useful behavior patterns.
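The abstract describes mining frequent patterns from Windows security audit trails to characterize usual behavior and, by contrast, surface sessions that do not fit any usual pattern. The following is an added illustration of that general idea, not the paper's own code, data or algorithm: it runs a classic level-wise Apriori miner over constructed (logon session, event ID) records, keeps the maximal frequent itemsets as "usual" session patterns, and flags sessions that match none of them for analyst review. The event records, the session identifiers and the support threshold are all assumptions chosen for the example; the event IDs are the well-known Windows Security log IDs.

```python
"""Frequent itemset mining over Windows security event IDs grouped by logon session.

Added example (not from the paper). Records are constructed: (logon_id, event_id).
Event IDs used: 4624 logon, 4625 failed logon, 4634 logoff, 4672 special privileges
assigned, 4688 process creation, 4720 user account created.
"""
from collections import Counter
from itertools import combinations

# Constructed sample audit trail: (logon session id, Windows security event ID)
SAMPLE_EVENTS = [
    ("0x1a", 4624), ("0x1a", 4672), ("0x1a", 4688), ("0x1a", 4634),
    ("0x2b", 4624), ("0x2b", 4688), ("0x2b", 4634),
    ("0x3c", 4624), ("0x3c", 4672), ("0x3c", 4688), ("0x3c", 4720), ("0x3c", 4634),
    ("0x4d", 4624), ("0x4d", 4688), ("0x4d", 4634),
    ("0x5e", 4625), ("0x5e", 4625),
]


def sessions_to_transactions(events):
    """Group events by logon session; each transaction is the set of event IDs seen."""
    tx = {}
    for logon_id, event_id in events:
        tx.setdefault(logon_id, set()).add(event_id)
    return list(tx.values())


def apriori(transactions, min_support):
    """Return {frozenset(itemset): support_count} for every itemset whose support
    (number of transactions containing it) is at least min_support.

    Level-wise Apriori: size k+1 candidates are unions of two frequent k-itemsets,
    pruned unless every k-subset is itself frequent (the anti-monotone property)."""
    counts = Counter(item for t in transactions for item in t)
    frequent = {frozenset([i]): c for i, c in counts.items() if c >= min_support}
    result = dict(frequent)
    k = 1
    while frequent:
        candidates = set()
        for a, b in combinations(frequent, 2):
            union = a | b
            if len(union) == k + 1 and all(
                frozenset(sub) in frequent for sub in combinations(union, k)
            ):
                candidates.add(union)
        level = {}
        for cand in candidates:
            support = sum(1 for t in transactions if cand <= t)
            if support >= min_support:
                level[cand] = support
        result.update(level)
        frequent = level
        k += 1
    return result


def maximal_patterns(freq):
    """Keep only frequent itemsets not strictly contained in a larger frequent itemset."""
    return {s: c for s, c in freq.items() if not any(s < other for other in freq)}


def unusual_sessions(transactions, patterns):
    """Sessions covered by none of the usual (maximal) patterns: candidates for review."""
    return [t for t in transactions if not any(p <= t for p in patterns)]


if __name__ == "__main__":
    tx = sessions_to_transactions(SAMPLE_EVENTS)
    usual = maximal_patterns(apriori(tx, min_support=3))
    for pattern, support in usual.items():
        print("usual pattern", sorted(pattern), "support", support)
    for session in unusual_sessions(tx, usual):
        print("session matching no usual pattern:", sorted(session))
```

With a support threshold of 3 out of 5 sessions, the only maximal usual pattern is the logon / process creation / logoff triple, and the session consisting solely of failed logons is the one reported for review. On a real audit trail the same code applies unchanged once events are grouped by the Logon ID field; the threshold should be set relative to the number of sessions observed.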


Keywords: Windows security event analysis, data mining, frequent pattern mining, intrusion detection, anomaly detection





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Rosa Basagoiti (1)
  • Urko Zurutuza (1)
  • Asier Aztiria (1)
  • Guzmán Santafé (2)
  • Mario Reyes (2)
  1. Mondragon University, Mondragon, Spain
  2. Grupo S21sec Gestión S.A., Orcoyen, Spain
