Investigative Profiling with Computer Forensic Log Data and Association Rules
نویسندگان
چکیده
Investigative profiling is an important activity in computer forensics that can narrow the search for one or more computer perpetrators. Data mining is a technique that has produced good results in providing insight into large volumes of data. This paper describes how the association rule data mining technique may be employed to generate profiles from log data and the methodology used for the interpretation of the resulting rule sets. The process relies on background knowledge in the form of concept hierarchies and beliefs, commonly available from, or attainable by, the computer forensic investigative team. Results obtained with the profiling system has identified irregularities in computer
منابع مشابه
Introducing an algorithm for use to hide sensitive association rules through perturb technique
Due to the rapid growth of data mining technology, obtaining private data on users through this technology becomes easier. Association Rules Mining is one of the data mining techniques to extract useful patterns in the form of association rules. One of the main problems in applying this technique on databases is the disclosure of sensitive data by endangering security and privacy. Hiding the as...
متن کاملUsing Relationship-Building in Event Profiling for Digital Forensic Investigations
In a forensic investigation, computer profiling is used to capture evidence and to examine events surrounding a crime. A rapid increase in the last few years in the volume of data needing examination has led to an urgent need for automation of profiling. In this paper, we present an efficient, automated event profiling approach to a forensic investigation for a computer system and its activity ...
متن کاملForensic Profiling System
Incidents related to hacking and network intrusion are on the increase. Most organizations safeguard themselves against cyber attacks by employing security methods such as encryption technologies, network monitoring tools, deploying firewalls and intrusion detection and response mechanisms. Even though prevention mechanisms are in place the vulnerabilities associated with any computer network o...
متن کاملMultivariate Chemometrics with Regression and Classification Analyses in Heroin Profiling Based on the Chromatographic Data.
The purpose of this work is to promote and facilitate forensic profiling and chemical analysis of illicit drug samples in order to determine their origin, methods of production and transfer through the country. The article is based on the gas chromatography analysis of heroin samples seized from three different locations in Serbia. Chemometric approach with appropriate statistical tools (multip...
متن کاملOptimizing Membership Functions using Learning Automata for Fuzzy Association Rule Mining
The Transactions in web data often consist of quantitative data, suggesting that fuzzy set theory can be used to represent such data. The time spent by users on each web page is one type of web data, was regarded as a trapezoidal membership function (TMF) and can be used to evaluate user browsing behavior. The quality of mining fuzzy association rules depends on membership functions and since t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2002