A time-based inductive learning approach to security audit trail analysis is presented. The approach uses a time-based inductive engine to generate rule-based sequential patterns that characterize the behavior of a user. The time-based inductive approach substantially increases the discriminating capability of an anomaly detection system due to the added dimension of information given in the sequential relationships between security events. It is shown that the use of rule-based sequential patterns allows a security auditing system to capture characteristics of user behavior that may be otherwise intractable using traditional statistical approaches. The approach also may help security management to focus on a few potentially hostile security events inside an entire user log-in session.
Teng et al. studied this question.
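The idea of rule-based sequential patterns can be illustrated with a simplified sketch. This is an added example, not the paper's inductive engine: it learns "previous two events -> next event" rules from a user's past sessions using event order only, and the event names, thresholds and sample sessions are constructed assumptions.

```python
from collections import Counter, defaultdict

def learn_rules(sessions, order=2, min_support=3, min_conf=0.8):
    """Learn rules 'last `order` events -> next event' from past sessions."""
    follow = defaultdict(Counter)
    for events in sessions:
        for i in range(order, len(events)):
            follow[tuple(events[i - order:i])][events[i]] += 1
    rules = {}
    for ctx, nxt in follow.items():
        total = sum(nxt.values())
        event, count = nxt.most_common(1)[0]
        # Keep only contexts seen often enough and with a dominant successor.
        if total >= min_support and count / total >= min_conf:
            rules[ctx] = (event, count / total)
    return rules

def flag_deviations(rules, events, order=2):
    """Return (index, observed, expected, confidence) for each violated rule."""
    hits = []
    for i in range(order, len(events)):
        rule = rules.get(tuple(events[i - order:i]))
        if rule and events[i] != rule[0]:
            hits.append((i, events[i], rule[0], rule[1]))
    return hits

# Constructed audit trail for one user (hypothetical event names).
HISTORY = [
    ["login", "read_mail", "edit", "compile", "run", "logout"],
    ["login", "read_mail", "edit", "compile", "run",
     "edit", "compile", "run", "logout"],
    ["login", "edit", "compile", "run", "logout"],
    ["login", "read_mail", "edit", "compile", "edit", "compile", "run", "logout"],
]
# Constructed new session containing one out-of-pattern event.
NEW_SESSION = ["login", "read_mail", "edit", "compile",
               "copy_passwd_file", "run", "logout"]

RULES = learn_rules(HISTORY)
ALERTS = flag_deviations(RULES, NEW_SESSION)

if __name__ == "__main__":
    for idx, seen, expected, conf in ALERTS:
        print(f"event #{idx}: saw {seen!r}, rule expected {expected!r} "
              f"(confidence {conf:.2f})")
```

Only the event that breaks a learned rule is reported, which is how sequential rules narrow an entire log-in session down to the few events worth an analyst's attention.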