{"title":"使用计算机取证日志数据和关联规则进行调查分析","authors":"Tamas Abraham, O. Vel","doi":"10.1109/ICDM.2002.1183880","DOIUrl":null,"url":null,"abstract":"Investigative profiling is an important activity in computer forensics that can narrow the search for one or more computer perpetrators. Data mining is a technique that has produced good results in providing insight into large volumes of data. This paper describes how the association rule data mining technique may be employed to generate profiles from log data and the methodology used for the interpretation of the resulting rule sets. The process relies on background knowledge in the form of concept hierarchies and beliefs, commonly available from, or attainable by, the computer forensic investigative team. Results obtained with the profiling system has identified irregularities in computer logs.","PeriodicalId":405340,"journal":{"name":"2002 IEEE International Conference on Data Mining, 2002. Proceedings.","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"72","resultStr":"{\"title\":\"Investigative profiling with computer forensic log data and association rules\",\"authors\":\"Tamas Abraham, O. Vel\",\"doi\":\"10.1109/ICDM.2002.1183880\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Investigative profiling is an important activity in computer forensics that can narrow the search for one or more computer perpetrators. Data mining is a technique that has produced good results in providing insight into large volumes of data. This paper describes how the association rule data mining technique may be employed to generate profiles from log data and the methodology used for the interpretation of the resulting rule sets. The process relies on background knowledge in the form of concept hierarchies and beliefs, commonly available from, or attainable by, the computer forensic investigative team. Results obtained with the profiling system has identified irregularities in computer logs.\",\"PeriodicalId\":405340,\"journal\":{\"name\":\"2002 IEEE International Conference on Data Mining, 2002. Proceedings.\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2002-12-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"72\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2002 IEEE International Conference on Data Mining, 2002. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICDM.2002.1183880\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2002 IEEE International Conference on Data Mining, 2002. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDM.2002.1183880","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Investigative profiling with computer forensic log data and association rules
Investigative profiling is an important activity in computer forensics that can narrow the search for one or more computer perpetrators. Data mining is a technique that has produced good results in providing insight into large volumes of data. This paper describes how the association rule data mining technique may be employed to generate profiles from log data and the methodology used for the interpretation of the resulting rule sets. The process relies on background knowledge in the form of concept hierarchies and beliefs, commonly available from, or attainable by, the computer forensic investigative team. Results obtained with the profiling system has identified irregularities in computer logs.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
