Anomaly detection

Computer are finite discrete machines, the set of real numbers is an infinite continuum. So real numbers in computers are approximation. Rough set theory is the underlying mathematics. A \´computer\´ version of Weistrass theorem states that every sequence, within the radius of error, repeats certain terms infinitely many times. In terms of applications, the theorem guarantees that the audit trail has repeating patterns. Examining further, based on fuzzy-rough set theory, hidden fuzzy relationships (rules) in audit data are uncovered. The information about the repeating data and fuzzy relationships reflect "unconscious patterns" of users\´ habits. They are some deeper "signatures" of computer users, which provide a foundation to detect abuses and misuses of computer systems, A "sliding window information system" is used to illustrate the detection of a \´simple\´ virus attack. The complexity problem is believed to be controllable via rough set representation of data.