
ICDM 2003 Tutorial
Data Mining for Computer Security Applications
by Aleksandar Lazarevic, Jaideep Srivastava and Vipin Kumar
Abstract
Modern society depends critically on the information infrastructure, and
it is becoming increasingly important to provide effective security for
information resources. However, security policies and mechanisms are not
perfect, and more and more organizations are becoming vulnerable to a wide
variety of security breaches against the information infrastructure. The
escalating magnitude of this threat is evident from the increasing rate of
cyber attacks against our computers in the past few years. According to a
recent survey by CERT/CC (Computer Emergency Response Team/Coordination
Center), the rate of cyber attacks has been more than doubling every year
in recent times. Intrusion detection, as a special form of cyber threat
analysis, includes identifying a set of malicious actions that "compromise
the integrity, confidentiality, and availability of information
resources". The tremendous increase in novel cyber attacks has made data
mining-based intrusion detection techniques extremely useful in detecting
them.
This tutorial provides an up-to-date introduction to the increasingly
important field of data mining in security applications, including
intrusion detection, credit card fraud detection, cyber forensics, and
homeland security. The tutorial will also serve as an overview of research
directions in these fields. It will help researchers, officers from federal
and military/agency organizations, and practitioners from industry and
financial organizations to understand the key practical and research
issues related to building a successful intrusion detection system.
Content
- Introduction (Computer Security, Prevention / Protection, Intrusion Detection)
- Intrusion detection systems (architecture, design, evaluation, taxonomy)
- Characteristics of intrusion analysis problem
- Data Mining in Intrusion Detection - Introduction
- Data Preprocessing for data mining models in intrusion detection
- Data Mining Approaches - Misuse Detection vs. Anomaly Detection
- Centralized vs. Distributed Intrusion Detection Systems
- Benchmarking of intrusion detection systems
- Data mining for intrusion prevention, cyber forensics, credit card fraud detection
- Conclusions
Audience
This tutorial will help participants to understand the key practical and
research issues related to applying data mining in intrusion analysis,
cyber forensics and other security applications. Several categories of
people will benefit from this tutorial:
- Researchers from the data mining and computer security communities
interested in state-of-the-art data mining techniques for security
applications;
- Officers from federal/government organizations interested in stopping
cyber threats and information leaks;
- Officers from military/agency organizations interested in stopping
different forms of terrorism;
- Practitioners from industry and financial organizations concerned with
stopping fraud in their information systems.
The audience is not required to have any background in computer security,
since basic definitions will be introduced. Participants are expected to be
familiar with the basic terms used in data mining. We also expect that
numerous officers, researchers and engineers from government, military and
federal organizations will be attracted to a tutorial on this increasingly
important topic for national security.
Bio
Aleksandar Lazarevic is a Research Associate at the Army High Performance
Computing Research Center, University of Minnesota. His research interests
include data mining, parallel and distributed computing, and intrusion
detection. He received B.Sc. and M.Sc. degrees in Computer Science and
Engineering from the University of Belgrade, Yugoslavia, in 1994 and 1997
respectively, and the PhD degree in Computer Science from Temple University
in December 2001. During his doctoral studies he authored around 20
research articles. Since January 2002 he has been leading a project on
applications of data mining to network intrusion detection. He served as a
Co-Chair for the Workshop on Data Mining for Cyber Threat Analysis at the
IEEE International Conference on Data Mining to be held in Japan in
December 2002. He also served as a Program Committee member for the same
conference, for the Pacific-Asia Conference on Knowledge Discovery and Data
Mining 2003, and for the ICML workshop on imbalanced data sets. He is also
serving as Publicity Chair for the Third and Fourth SIAM International
Conference on Data Mining. He is a member of IEEE, SIAM and ACM.
Contact information:
Research Associate, Computer Science Department, University of Minnesota
200 Union Street SE, 4-192, EE/CSci Building,
University of Minnesota, Minneapolis, MN 55455
Phone: (612) 626-8096; Fax (612) 626-1596
E-mail: aleks@cs.umn.edu; Web Page: http://www.cs.umn.edu/~aleks
Jaideep Srivastava received his B.Tech. from the Indian Institute of
Technology, Kanpur, India, in 1983, and his M.S. and Ph.D. from the
University of California, Berkeley, in 1985 and 1988, respectively. Since
1988 he has been on the faculty of the University of Minnesota, where he is
a Professor. For over 15 years he has been active as a researcher,
educator, and consultant in the areas of databases, data mining, and
multimedia. He has established and led a database and multimedia research
laboratory, where 16 people have received their doctorate and 37 people
have received their masters. Throughout his career Dr. Srivastava has
collaborated actively with industry, both in research and in technology
transfer. Between 1999 and 2001 Dr. Srivastava was on leave from the
University of Minnesota, during which he spent time at Amazon.com
(www.amazon.com) as the Chief Data Mining Architect, and at Yodlee Inc.
(www.yodlee.com) as Director of Data Analytics. Dr. Srivastava is an
often-invited participant in technical as well as technology strategy
forums. He has given more than a hundred talks in various industry,
academic, and government forums. He is on the editorial boards of the IEEE
Transactions on Knowledge & Data Engineering and the WWW Journal, and has
been a guest editor for the Data Mining & Knowledge Discovery Journal. He
is the program co-chair for PAKDD 2003 and the conference co-chair for the
M2003 data mining conference. The federal government has solicited his
opinion on computer science research as an expert witness. He has served
in an advisory role to the governments of India and Chile on various
software technologies. He is a senior member of IEEE and a member of ACM.
Contact information:
Professor, Computer Science Department, University of Minnesota
200 Union Street SE, 4-192, EE/CSci Building,
University of Minnesota, Minneapolis, MN 55455
Phone: (612) 626-8107; Fax (612) 626-1596
E-mail: srivasta@cs.umn.edu
Vipin Kumar received the B.E. degree in electronics & communication
engineering from the University of Roorkee, India, in 1977; the M.E. degree
in electronics engineering from the Philips International Institute,
Eindhoven, Netherlands, in 1979; and the Ph.D. degree in computer science
from the University of Maryland, College Park, in 1982. He is currently
Director of the Army High Performance Computing Research Center and
Professor of Computer Science at the University of Minnesota. Kumar's
current research interests include parallel computing, parallel algorithms
for scientific computing problems, and data mining. His research has
resulted in the development of the isoefficiency metric for evaluating the
scalability of parallel algorithms, as well as highly efficient parallel
algorithms and software for sparse matrix factorization (PSPACES), graph
partitioning (METIS, ParMetis, hMetis) and dense hierarchical solvers. He
has authored over 100 research articles, and co-edited or co-authored 5
books including the widely used textbook "Introduction to Parallel
Computing" (Publ. Benjamin Cummings/Addison Wesley, 1994). Kumar serves on
the editorial boards of IEEE Concurrency, Parallel Computing, and the
Journal of Parallel and Distributed Computing, and served on the editorial
board of IEEE Transactions of Data and Knowledge Engineering from 1993 to
1997. He is a Fellow of IEEE and a member of SIAM and ACM.
Contact information:
Professor, Computer Science Department, University of Minnesota
200 Union Street SE, 4-192, EE/CSci Building,
University of Minnesota, Minneapolis, MN 55455
Phone: (612) 624-8023; Fax (612) 625-0572
E-mail: kumar@cs.umn.edu; Web Page: http://www.cs.umn.edu/~kumar