A Survey on Different Phases of Web Usage Mining for Anomaly User Behavior Investigation

Transcription

1 A Survey on Different Phases of Web Usage Mining for Anomaly User Behavior Investigation Amit Pratap Singh 1, Dr. R. C. Jain 2 1 Research Scholar, Samrat Ashok Technical Institute, Visdisha, M.P., Barkatullah University, Bhopal, M.P., India 2 Director, Samrat Ashok Technical Institute, Vidisha, Madhya Pradesh, India Abstract: The World Wide Web or simply called Web is global information medium which users can access a lot of information via computers to the Internet. The rapid growth of web is due to social web culture and mobile technology. Every day a number of users are added in web by a parallel growth in field of cybercrime. All the request of user in web is recorded in web log files. These files contain a voluminous data. Web mining is the application of data mining techniques used to extract the suspected behaviors of users, different types of web attacks, criminal pattern identification thru the web log files. A web log file contains noisy data thru preprocessing step; we eliminate irrelevant data so this step is very important in web mining. After preprocessing pattern discovery and analysis phase play an important role to identify criminal activity and predict the suspected user behavior. This paper presents on existing work done by different researchers in various phases of web usage mining. Keywords: Web Usage Mining, Log file, Crime Pattern Detection, Cyber Crime Detection. 1. INTRODUCTION Data mining is defined as the automatic searching, a large store of data to discover patterns and trends that go beyond simple analysis. Data mining uses sophisticated mathematical algorithms to segment the data and evaluate the probability of future events. Data mining also known as Knowledge Discovery in Data (KDD). So a data mining technology can generate the automated prediction of trends and behaviors, automatic discovery of previously unknown patterns. A massive growth of World Wide Web in recent years produces lots of data available online. Some antisocial elements misuse this World Wide Web service, is called Internet crime. A crime committed on Internet, using the Internet, and by the means of Internet. With the evolution of Internet, along came another revolution of crime where perpetrators commit acts of crime and wrong doing on World Wide Web. Computer crime is a general term that embarrasses such as illegal downloading, creation or distribution of viruses, child pornography, cyber terrorism, online threats, frauds etc. Web mining is the application of data mining to automatically fetch and evaluate information from web document and services. Web mining is divided in the following three categories. 1. Web Content Mining or Web Text Mining is the scanning and mining of text, pictures and graphs of web page to determine the relevance of contents to the search query. Web Content Mining is very effective when used in relation to content data base dealing with specific topic. 2. Web Structure Mining to identify the relationship between web pages linked by information or direct link connection. The main purpose of structure mining is to extract previously unknown relationship between web pages. Web Usage Mining, mines the log data stored in different formats in the web server, proxy server and client caches. 3. Web Usage Mining is that part of Web Mining, which deals with the extraction of knowledge from server log files. The server log files mainly consist of the textual logs that are collected when users access web servers and might be represented in standard formats. The typical applications of web usage mining such as web personalization, adaptive websites and user modeling. Web usage mining is the application of data mining techniques on web log containers to discover knowledge about user behaviors. Websites statistics which is used to enhance the performance and website design tasks. The ultimate source of web usage mining consists of textual log files stored on numerous web servers all around the world. There are the following steps in web usage mining:- Data Collection: Users log data is collected from different sources like web servers, proxy servers, client side etc. Data Preprocessing: It is a very important process in web usage mining. Here performs data reduction, user identification and session identification. Pattern Discovery: Apply different data mining techniques like association rules, sequential patterns, clustering and classification for identify the user s pattern. Pattern Analysis: Once uninterested rules are filtered out then analysis is done using query tools like SQL to perform specific pattern analysis. Figure 1 Different Phases of Web Usage Mining The main motive of this paper is that how web usage mining technique is useful to identify anomaly or suspected user behavior. Data compilation section provides a list of different sources of data which is Volume 3, Issue 3 May June 2014 Page 70

2 important to investigate user behaviors. Data preprocessing section review the work of different researchers done in the data preprocessing area. Pattern discovery and visualization section provide some specific techniques which are useful in to identify future trends and some specific patterns in user profiling. Remaining sections provide a brief analysis on different areas where Web Usage Mining may be apply in near future. 2. DATA COLLECTION Data collection is the first step in web usage mining. Web Usage Mining applications are based on data collected from the main sources: Web servers and Proxy servers. Web servers are surely the richest and the most common source of data. They can collect large amounts of information in their log files and in the log files of the databases they use. A web server log file is a simple plain text file [1], in which information is recorded each time when a user requests a resource from a website. A log file can be located in three different places [2] web servers, web proxy servers & client browsers. 2.1 Web Server Log Files Server log file is a simple plain text file, stores information when a user requests a page from the web site. Analyzing this data may find out many interested patterns which may useful to our society. There are four types of server log [3]: 1. Access log file 2. Error log file 3. Agent log file 4. Referer log file Access log file contains all the information that provides to the clients by the server. Error log file contains a list of any server error. These two log files are very common and important to fetch the required information in accessing the user behavior during suspected user investigation. Agent and Referer log file is not always enabled at server side. Agent log file provide the information about user s browser, operating system and version of browser. Referer log file [4] is used to allow websites and web servers to identify where people are visiting them from, for promotional or security purposes. The following is a fragment from server log for loganalyzer.net [5] [08/Oct/2007:11 : 17: ] "GET / HTTP/1.1" " /search?q=log+analyzer&ie=utf-8&oe=utf-8 & aq=t& rls=org. mozilla:en-us: official&client=firefox-a" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-us; rv: ) Gecko/ Firefox/ " There are the following fields in this server fragment. IP address: Internet Protocol defined an IP address as a 32-bit number. IP address is uniquely identified in the network. IP addresses are binary numbers, but they are usually stored in text files and displayed in human-readable notations. Remote log name: This will return - unless user authentication set on the web server. Authenticated user name: Only available when accessing content which is password protected by web server authenticate system. Timestamp: Entering and exiting date & time and time zone of the web server. Access request: Different methods of request like GET, POST, HEAD, PUT, DELETE and TRACE are used. Result status code: The resulting status code "200" is success. This tells you whether the request was successful or not. Bytes transferred: The number of bytes transferred. This tells you how many bytes were transferred to the user, i.e. the bandwidth used. Referrer URL: This is the page address link by which a visitor is clicked to come to this page. It is also possible that visitor type this link address in the address bar. Some user agents not supply this information always. User Agent: User agent provide the information about user s browser, operating system and browser version. 2.2 Different log file formats A different type of log file formats is available now days. The most commonly used formats are as follows NCSA Common Format The NCSA Common log file format is a fixed ASCII textbased format. The NCSA Common log file format is available for Web sites and for SMTP and NNTP services, but it is not available for FTP sites. The NCSA Common log file format records the information about Remote host address, Remote log name (This value is always a hyphen.) User name, Date, time Greenwich Mean Time (GMT) offset, Request, Protocol version, Service status code (A value of 200 indicates that the request was fulfilled successfully), Bytes sent etc. The following fragment shows the NCSA common format [6] example Microsoft\JohnDoe [08/Apr/2001 :17:39 : ] "GET /scripts/iisadmin/ ism.dll?http/serv HTTP/1.0" NCSA Combined Format The NCSA Combined log format is an extension of the NCSA Common log format. The Combined format contains the same information as the Common log format plus three (optional) additional fields: the referral field, user_agent field, and cookie field. The following fragment shows the NCSA combined format [7] example dsmith [10/Oct/1999:21:15: ] "GET /index.html HTTP/1.0" " "Mozilla/4.05 [en] (WinNT; I)" "USERID=CustomerA;IMPID=01234" W3C Extended Format The W3C Extended log file format is the default log file format for IIS. It is a customizable ASCII text-based format. It stores more information as NCSA formats. The following fragment shows the W3C extended format [8] example. #Software: Microsoft Internet Information Services 6.0 Volume 3, Issue 3 May June 2014 Page 71

3 #Version: 1.0 #Date: :42:15 #Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(user-agent) :42: GET /images/picture.jpg Mozilla/4.0+(compatible;MSIE+5.5;+Windows+2000+Se rver) We interpret the preceding log file entry as follows: #Software: Microsoft Internet Information Services 6.0. This indicates the version of IIS that is running. #Version: 1.0 This indicates the log file format. #Date: :42:15 This indicates when the first log file entry was recorded, which is when the entire log file was created. #Fields: date, time, IP address of client, user name, IP address of server, server port, method, content (like any file name), URI queries (Necessary only for ASP like dynamic pages so this field usually contains a hyphen for static pages), request status, type of browser (that the client used), etc IIS Format The IIS log file format is a fixed ASCII text-based format, so cannot customize it. The fields in this format is Client IP address, User name, Date, Time, Service and instance, Server name, Server IP address, Time taken, Client bytes sent, Server bytes sent, Service status code, Windows status code (A value of 0 indicates that the request was fulfilled successfully.), Request type & Target of operation Parameters (the parameters that are passed to a script). The following fragment shows the IIS format [9] example , -, 03/20/01, 7:55:20, W3SVC2, SERVER, , 4502, 163, 3223, 200, 0, GET, /DeptLogo.gif, -, A single website is may be hosted on different server so for a same website more than one log file will create. It is very important to collect data from different formats for anomaly user behavior investigation. 3. DATA PREPROCESSING Data collected from different sources in web usage mining are usually diverse and voluminous. These data must be assembled into a consistent, integrated and comprehensive view, in order to be used for pattern discovery. This stage includes the identification of user sessions [11] which are the basic building block for pattern discovery. Various research works are carried out in this preprocessing area to identify user identities and sessions, which is useful to discover suspected user behavior patterns Data Reduction The purpose of data reduction process is to remove unwanted data that may affect the overall mining process. A simple algorithm is devised by Helmy et al. [10] in which they remove any extensions like gif, jpg, css in target URL. Use of this algorithm, these types of useless data is removed and the mining process gets be evaluated results comparatively fast. The HTTP status code is also a concern for data reduction. In the web personalization area a researcher take the entire data log that contains success code 200 series. As in web intrusion detection, all the status code of server errors is most important because in successful status code an almost no margin to find a suspect. Suneetha et al. [2] give details of HTTP status code. In anomaly user behavior investigation the failure error i.e 400 series code and server error 500 series code is important. So in the web log entries that contains 400 and 500 status code is not eliminated in data reduction phase User Identification User identification is an important step to find the suspected entry in log files. But it is a complicated task there are various methods proposed by different researchers and some of them we included in this section. Chaofeng [12] used some common heuristics. Each IP address represents one user. For more logs, if the IP address is the same, but the agent log shows a change in browser software or operating system. An IP address represents a different user, if a page is requested by a referrer link; there is another user with the same IP address. Cooley et al. [14] proposed a heuristic that if a web page is directly accessed without any hyperlink by same IP, assumed as a different user. An optimal algorithm is devised by Chitra et al. [13] based on log entries for user identification without considering the topology structure of site Session Identification Once a user was identified then click stream is divided in to clusters. This method of division is called Session Reconstruction or Sessionization. A user session is a series of web pages visited by the same user with in a one visit. A user may have single or multiple sessions during a time. There are basically two methods one is time oriented and another one is navigation oriented. Generally in e- commerce sites user logged with user name and session is time based. Some researchers [12, 15, 16] have coined that there is a new session if time limit is exceed more that 30 minutes. This method is not so much important when we find out any suspected user the important thing is that we find the IP which cause a lot of error in short period of time Path Completion This step is used to check the missing pages after constructing transactions. The missing page problem is due to proxy servers and caching problem of clients. This step is also not important when we find out anomaly behavior of user. Here we are only interested to find out any web attack or suspicious user behavior with the help of web server logs. Basically this step is concerned with site topology. 4. PATTERN DISCOVERY Once a user transaction have been identified there are different types of data mining techniques are available to Volume 3, Issue 3 May June 2014 Page 72

4 perform pattern discovery in web mining. A suspected user and different web attacks are identified thru web logs. Firstly the web logs are converted into relational data base and then three main operations [17] Association, Clustering and Sequential Analysis, are performed on data for pattern discovery. The association rule is mainly focuses on discovery of relations between pages visited by users on web site. Association rule can be used to relate the web page is most often used by the single server session. Several algorithms like Apriori, Eclat, Frequent Pattern tree etc. to perform association rule mining. Kumar et al. [18] used Apriori, FP Growth algorithm in web usage mining for the comparison of memory and time usage by the user during web site accessing. Eclat Algorithm [19] is a bit matrix, in which each row corresponds to an item, each column to a transaction. A bit is set in this matrix if the item corresponding to the row is contained in the transaction corresponding to the column, otherwise it is cleared. Eclat searches a prefix tree, but unfortunately Eclat and FP Growth algorithm are not suitable for a huge database. Clustering is to find data objects that are similar in some sense to one another. The members of a cluster are more like each other then they are like members of other cluster. Clustering can also be used for anomaly detection. Once the data has been segmented into clusters, you might find that some cases do not fit well into any clusters. These cases are anomalies or outliers. Sequential pattern analysis is used to find that a suspected user visit a particular link X followed by link Y in a time ordered set of sessions. By using this approach we can predict the suspected user psychology which is useful in crime detection. There are several algorithms like AprioriAll, GSP, SPADE, PrefixSpan and Spam are used for sequential pattern analysis. GSP and PrefixSpan are the best algorithms for pattern analysis and represent the two main approaches to the problem like apriori based and pattern growth methods. Antunes et al. [20] describe both approaches and compare their advantages and disadvantages. 5. PATTERN ANALYSIS Pattern analysis is the last step of web usage mining. Its main purpose is to find out a valuable model. There are so many types of techniques are used for analysis such as visualization technique, OLAP techniques, data and knowledge querying and usability analysis. Pitkow et al. [21] developed a tool WebViz that provide that selectively filtered a web server log, control bindings to graph attributes and also reissue of logged sequence of requests. WebViz, is a useful database utility, provide the user with the graphical information about document accesses and path taken by users through the database. Etgen et al. [22] proposed WET (Web-Event Logging Technique), WET is an automated usability testing technique that works by modifying every page on the server. It can automatically and remotely track user interactions. WET takes advantage of the event handling capabilities built into the Netscape and Microsoft browsers. Another tool WebQuilt [23] is developed by Hong et al. WebQuilt is a web logging and visualization analyzing tool which help to analyze the collected data from local and remote logs. The collected usage visualized in a zooming interface that shows which people viewed the particular web page. OLAP (Online Analytical Processing Technique) is a powerful paradigm for strategic analysis of relational database which is very useful in business systems. OLAP is part of the broader category of business intelligence, which also encompasses relational reporting and data mining. Typical applications of OLAP include business reporting for sales, marketing, management reporting, business process management, budgeting and forecasting, financial reporting and similar areas, with new applications coming up, such as agriculture. Query mechanism such as SQL is the most common method of pattern analysis. This is an important part of web usage mining in which we analyze the different reasons of anomaly behaviors of users. According to need we impose constraints on database in a declarative language? By the use of SQL we find some specific results from database like suspected session in database created by the users, failure status code of http protocol, most visited page on which a lots of error is encountered etc. are the main quires to find suspected user behavior by the use of web usage mining. Usability analysis is a modeling technique to accessing the behavior of user on the web site. There are some specific conditions to identify suspected users by usability analysis. For anonymous users it is important to identify to detect the IP addresses in log file which cause errors in small period of time. This can be detected thru status filed in web server log file. Barse et al. [24] proposed some Fraud indication is analyzed by the analysis of web log files, when the ratio between transmitted and received data is suspiciously high, a great deal of data is transmitted (some period of time) after data has been received, a great number of downloads are done. Barse et al. [29] can find out these indications thru an experiment aimed at generating synthetic test data for fraud detection in an IP based video on demand service. Web server log file also contains the information about returned bytes for a user request any web page. Anomaly behavior of user is also traced by using this information. When a user requests a page and if the returned bytes are different from other request for the same page, it is an indication of anomaly behavior of user. When a user makes a lot of errors during login on any e-commerce site, it may be a malicious user that wants to guess the password. The http status code in web server logs help in identifying the suspected users that triggers a lot of errors during browsing the site. An intruder may also tamper the database with the help of SQL injection, XPath injection, Cross site scripting (XSS). These are the some specific web attacks that are commonly encountered. In web server log the uri-query filed is used to detect web attacks imposed by malicious users or hackers even if the status Volume 3, Issue 3 May June 2014 Page 73

5 field contains a success code. Salama et al. [25] proposed a framework for SQL injection detection. SQL Injection attack (SQLIA) is a type of code-injection attack in which an attacker can leak, modify, and delete information stored in the database. The main reason of SQL injection attack is an inefficient input validation in the database. A frequent pattern mining approach DFPMT [26] is a dynamic approach using transposition of database based on Apriori algorithm. This algorithm produces faster results. In this algorithm database is stored in transposed form and in each iteration database is reduced by generating Longest Common Subsequence for each pattern. 6. WEB USAGE MINING & CRIME INVESTIGATION A suspected user behavior is traced from the different sources of log data available in different places in the network like web server, proxy server, client cache etc. An anomaly or malicious behavior of user is during web browsing is a main cause of internet crime. Web usage mining technique is useful in predicting and investigates the user behavioral study from web log files. Web usage mining is also apply for information gathering, evidence collection against a suspect in cyber or internet crime investigation, in web intrusion detection and to identify different types of web attacks. A wide range of area where web usage mining application are used for crime investigation like hacking, internet fraud, fraudulent websites, illegal online gambling, virus spreading, child pornography distribution & cyber terrorism. Some researchers analyze the multi-dimensional effects in computer networks [27]. Clustering and classification techniques are used to identify cyber criminals, by using these techniques we can grouped the similar type of suspected users, make cluster of similar error codes encountered during web browsing by users, similar web attacks like SQL injection, Xpath injection & XSS attacks. So as far as concern Clustering and Classification techniques of web mining can reveal identities of cyber criminals, whereas neural networks, decision trees genetic algorithm support vector machine can be used to trace crime patterns and network visualization by web server logs. 7. FUTURE ENHANCEMENTS There are number of challenges in web usage mining, used in anomaly user behavior & crime investigation. First issue is that there are different log file formats on different types of server in World Wide Web. Combining these different formats in a common user defined format, this feature is called data fusion. A common log file will analyze for suspected user identification, malicious code investigation, different types of web attacks and Internet crime detection. The main issue in preprocessing stage is the huge amount of request in common web log file, so it is important to eliminate irrelevant data to boost up the performance of mining algorithms. Data reduction is an important step in web usage mining to increase the quality of results in analyzing stage. There are make more efforts to find out specific fields in web log file to identify doubtful behavior of users during browsing like http status code, returned bytes, uri-query field etc. The following data preprocessing step is easy to develop rules, by which we can identify crime pattern, anomaly and suspected user behavior. More research can be done with the web usage mining technique in the field of crime investigation and digital forensics investigations. 8. CONCLUSION Today most data are available in online, makes the massive growth in World Wide Web. A beneficial area of web mining is security and crime investigation. In crime investigation it is important to identify anomaly or suspected user behavior. The result of mining can be used to predict the behavior of cyber criminals. Log files are the best source to know the user behavior, because when a user navigates at any web site and every click is recorded in web log file. These log files are contains a vast information, by data reduction we eliminate irrelevant data that can make the pattern discovery and analysis phase more accurate. The survey was performed on web usage mining methodologies on different areas by research community. In this survey we find some points which are useful to find the suspect thru web log files. Our research in future is to create more efficient data fusion algorithms that produce more precise and accurate patterns for suspected user identification in security and crime investigation. References [1] S. E. Salama, M. I. Marie, L. M. El-Fangary & Y. K. Helmy, Web Server Logs Preprocessing for Web Intrusion Detection, Canadian Center of Science and Education, Vol. 4, No. 4, 2011, pp [2] K. R. Sunnetha and Dr. R. Krishnamoorthi, Identifying User by Analyzing Web Server Access Log File, International Journal of Computer Science and Network Security (IJCSNS), Vol. 9, No. 4, 2009, pp [3] L. K. Joshila Grace, V. Maheswari and D. Nagamalai, Analysis of Web Logs and Web User in Web Mining, International Journal of Network Security & Its Application (IJNSA), Vol. 3, No. 1, 2011, pp [4] [5] tutor ial/ log -file-sample-explain.html [6] us/library /cc %28v=ws.10%29.aspx [7] ITWSA/ ITWSA_info45/en_US/HTML/guide/c-logs.html [8] 5%28v=ws.10%29.aspx Volume 3, Issue 3 May June 2014 Page 74

6 [9] 51%28v=ws.10%29.aspx [10] Mohd Helmy, Abd Wahab and Nik Shahidah, Development of Web usage Mining Tools to Analyze the Web Server Logs using Artificial Intelligence Techniques, The 2 nd National Intelligence Systems and Information Technology Symposium (ISITS 207), October , ITMA-UPM, Malaysia. [11] D. Pierrakos, G. Paliouras, C. Papatheodorou and C. Spyropoulos, Web Usage Mining as a Tool for Personalization : A Survey, User Modeling and User-AdaptedInteraction, April 2003, pp [12] Li. Chaofeng, Research and Development of Data Preprocessing in Web Usage Mining, International Conference on Management and Engineering, 2006, pp [13] V. Chirta and Dr. A. S. Thanmani, A Novel Technique for Session Identification in Web Usage Mining Preprocessing, International Journal of Computer Application, Vol. 34, No. 9, 2011, pp [14] R. Cooley, B. Mobasher and J. Srivastava, Data Preparation for Mining World Wide Web Browsing Patterns, Journal of Knowledge and Information Systems, Springer, 1999, Vol. 1, No. 1, pp [15] V. Sathiyamoorthi and Dr. V. Murali Bhaskaran, Data Preparation Techniques for Web Usage Mining in World Wide Web-An Approach, International Journal of Recent Trends in Engineering, Vol. 2, No. 4, November 2009, pp [16] R. Cooley, B. Mobasher and J. Srivastava, Web Mining: Information and Pattern Discovery on the World Wide Web, International Conference on Tools with Artificial Intelligence, Newport Beach, IEEE, 1997, pp [17] P. Batista and M. J. Silva, Mining Web Access Logs of An On-Line News Paper, In Proceedings of the Workshop on Recommendation and Personalization in ecommerce of the 2 nd International Conference on Adaptive Hypermedia and Adaptive Web Based Systems, M alaga, Spain, May 29-31, 2002, pp. [18] B. Santhosh Kumar and K. V. Rukmani, Implementation of Web Usage Mining Using APRIORI and FP Growth Algorithms, International Journal of Advanced Networking and Applications, (IJANA) Vol. 01, No. 06, 2010, pp [19] Mohammed J. Zaki, Scalable Algorithms for Association Mining, IEEE Transactions on Knowledge and Data Engineering, Vol. 12, No. 3, 2000, pp [20] Cludia Antunes and Arlindo L. Oliveira, Sequential Pattern mining algorithms : Trade-offs between Speed and Memory, In Proceedings of the Second Workshop on Mining Graphs, Trees and Sequences at the15 th European ECML and the 8 th European PKDD, [21] J. Pitkow and Krishna K. Bharat, WebViz : A Tool for World Wide Web Access Log Analysis, In First International WWW conference, [22] M. Etgen and J. Cantor, What Does Getting WET (Web Event-Logging Tool) Mean for Web Usability?, In Fifth Human Factors and the Web Conference, [23] J. I. Hong and J. A. Landay, Webquilt: A Framework for Capturing and Visualizing the Web Experience In Proceedings of the International Conference on the World Wide Web (WWW 01), 2001, pp [24] E. L. Barse, H. akan and K. E. Jonsson, Synthesizing Test Data for Fraud Detection Systems, In proceedings of the 19 th Annual Computer Security Applications Conference, December 8-12, 2003, pp [25] S. E. Salama, M. I. Marie, L. M. El-Fangary and Y. K. Helmy, Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection, International Journal of Advanced Computer Science and Applications (IJACSA), Vol. 3, No. 3, 2012, pp [26] Sunil Joshi, Dr. R.S. Jadon, Dr. R.C. Jain, An Implementation of Frequent Pattern Mining Algorithm using Dynamic Function, International Journal of Computer Applications, Vol. 9, No.9, November 2010, pp [27] V.K. Tiwari, Sanjay Thkur and Diwakar Shukla, Cyber Crime Analysis for Multi-Dimensional Effects in Computer Network, Journal of Global Research in Computer Science, November 2010, Vol. 01, No. 04, pp AUTHOR Mr. Amit Pratap Singh is a Rresearch Scholar in Barkatullah University, Bhopal, Madhya Pradesh, India. His research center is, Samrat Ashok Technological Institute, Vidisha. He is doing research in the area of Web Usage Mining, Cyber Crime. Dr. R. C. Jain is presently working as a Director, Samrat Ashok Technological Institute, Vidisha. He has 30 years teaching experience and 15 years research experience. He has presented research papers in more than 100 national and international Conferences and published more than 100 papers in national and international journals. His research areas include Data mining, web mining and Network security. Volume 3, Issue 3 May June 2014 Page 75