The development and implementation of adaptation of the algorithm for detecting and predicting violations based on frequent sets of events is presented. The peculiarity of this adaptation is the formation of transactions by the time of events, the use of their own scripts, as well as the adoption of a minimum border for a confidence indicator of 80%, which reduces the number of false positives. The training data set, on which the model is created and trained, and then tested and used to predict values in other data sets, is a mark on the movement of personnel in a real enterprise through an access control system (ACS). An example of a study of this set shows that, thanks to the proposed adaptation, it is possible to detect violations and atypical behavior, manifested in the failure to comply with the associative rules, which are created on the basis of frequent sets of events obtained as a result of the work of the Frequent Pattern-Growth algorithm. The applicability of the proposed adaptation is confirmed by a software prototype developed on the basis of a software platform for processing RapidMiner data and scripts in the Groovy programming language.

Authors: I. Yu. Trubitsyn, Ya. A. Bekeneva

Direction: Informatics, Computer Technologies And Control

Keywords: Data Mining, sequential event analysis, violation detection, associative rules

View full article