Information Prioritizing: Ranking Transactions to Detect Anomalies

Published in: Engineering for a Smarter Planet: Innovation, ITC, and Computational Tools for Sustainable Development: Proceedings of the 9th Latin American and Caribbean Conference for Engineering and Technology
Date of Conference: August 3-5, 2011
Location of Conference: Medellin, Colombia
Authors: Jan Flores, Alfredo Cruz
Refereed Paper: #141

Abstract

This paper focuses on the problem of prioritizing information. More specifically, it deals with applying the concept of detectors to help detect anomalies within a collection of individual items. The motivation for this work is the development of a real-world application to prioritize a log of transactions. The application should aid system administrators in detecting unusual behavior patterns that may indicate potential security risks. We discuss information management concepts such as information retrieval, filtering and categorization to distinguish them from information prioritizing. Then, we delve into information prioritization concepts, application development details and the analysis of experimental results. After analysis, it is concluded that equivalence classing and the independence surrogate are critical for the naïve detector to become ideally suited for identifying abnormal behavior patterns within a set of transactions.