@inbook{970138871c3b49268985efb8a941cf19,
title = "CTAR:Classification based on temporal class-association rules for intrusion detection",
abstract = "Recently, increased number and diversity of network attack caused difficulties in intrusion detection. One of the intrusion detection, anomaly detection is a method of treating abnormal behaviors that deviate from modeled normal behaviors as suspicious attack. Research on data mining for intrusion detection focused on association rules, frequent episodes and classification. However despite the usefulness of rules that include temporal dimension and the fact that the audit data has temporal attribute, the above methods were limited in static rule extraction and did not consider temporal attributes. Therefore, we propose a new classification for intrusion detection. The proposed method is the CTAR(short for, Classification based on Temporal Class-Association Rules) and it extends combination of association rules and classification, CARs(short for, Class-Association Rules) by including temporal attribute. CTAR discovers rules in multiple time granularities and users can easily understand the discovered rules and temporal patterns. Finally, we proof that a prediction model (classifier) built from CTAR method yields better accuracy than a prediction model built from a traditional methods by experimental results.",
author = "Kim, {Jin Suk} and Lee, {Hohn Gyu} and Sungbo Seo and Ryu, {Keun Ho}",
year = "2004",
doi = "10.1007/978-3-540-24591-9_7",
language = "English",
isbn = "3540208275",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "84--96",
editor = "Kijoon Chae and Moti Yung",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
address = "Germany",
}