Date Added: Nov 2011
Detecting anomalous behavior is one of the most challenging tasks for Information Systems (IS) administrators. Anomalous behavior is defined as any behavior, from either inside or outside the organization's information system, that deviates from normal; this includes insider attacks as well as any behavior that threatens the confidentiality, integrity and availability of the organization's information systems. One strategy for detecting anomalous behavior is to create a clustering or classification model using data mining methodologies. The models could be generated from historical data or based on current data. Although these models could identify normal and abnormal behavior, they could not satisfy the growing demand for better information security.