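Abstract
A data-mining-based method for auditing user behavior is proposed. Normal audit data are first classified in a preprocessing step to obtain normal patterns that other, traditional methods tend to miss. Association rule mining and sequential pattern mining are then combined to mine patterns of user behavior, and anomalies in user behavior are detected by comparing pattern similarity. The method was applied to a real security audit system and gave good results.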
A method for auditing users' abnormal behavior based on data mining technology was proposed. Through preprocessing normal auditing data, some additional normal patterns were found. Then, users' behavior profiles were discovered with association rules and sequence pattern mining methods. Users' behavior could be further audited with these profiles. Simulation results show that this method is valid in real security auditing systems.
Source
《计算机应用》 (Journal of Computer Applications)
CSCD
Peking University Core Journal
2006, Issue 7, pp. 1637-1639, 1642 (4 pages)
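Funding
Key Project of the Natural Science Foundation of Chongqing (2005BA2003)
Chongqing Information Industry Development Fund Project (200401022)
Chongqing Funding Program for Outstanding Young and Middle-aged Backbone Teachers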
Keywords
security auditing
users' behavior profile
data mining
association rule
sequence pattern