ICDM 2003 Tutorial Data Mining for Computer Security Applications

 

by Aleksandar Lazarevic, Jaideep Srivastava and Vipin Kumar

Abstract

Modern society depends critically on the information infrastructure, and is becoming increasingly important to provide efficient security of information resources. However, security policies and mechanisms are not perfect and more and more organizations are becoming vulnerable to a wide variety of security breaches against information infrastructure. The escalating magnitude of this threat is evident from the increasing rate of cyber attacks against our computers in the past few years. According to a recent survey by CERT/CC (Computer Emergency Response Team/Coordination Center), the rate of cyber attacks has been more than doubling every year in recent times. Intrusion detection, as a special form of cyber threat analysis, includes identifying a set of malicious actions that "compromise the integrity, confidentiality, and availability of information resources". The tremendous increase of novel cyber attacks has made data mining based intrusion detection techniques extremely useful in their detection.

This tutorial provides an up-to-date introduction to the increasingly important field of the data mining in many security applications, including intrusion detection, credit card fraud detection, cyber forensics, homeland security. The tutorial will also serve as an overview of research directions in these fields. This tutorial will help researchers, officers from federal and military/agency organizations, and practitioners from industry and financial organizations to understand the key practical and research issues related to building a successful intrusion detection system.

Content

• Introduction (Computer Security, Prevention / Protection, Intrusion Detection)
• Intrusion detection systems (architecture, design, evaluation, taxonomy)
• Characteristics of intrusion analysis problem
• Data Mining in Intrusion Detection - Introduction
• Data Preprocessing for data mining models in intrusion detection
• Data Mining Approaches - Misuse Detection vs. Anomaly Detection
• Centralized vs. Distributed Intrusion Detection Systems
• Benchmarking of intrusion detection systems
• Data mining for intrusion prevention, cyber forensics, credit card fraud detection
• Conclusions

Audience

This tutorial will help participants to understand the key practical and research issues related to applying data mining in intrusion analysis, cyber forensic and other security applications. Several categories of people will benefit from this tutorial: Researchers from data mining and computer security community interested in the state of the art data mining techniques for security applications; Officers from federal/government organizations interested to stop different cyber threats and information leaks; Officers from military/agency organizations interested to stop different forms of terrorism; Practitioners from industry and financial organizations concerned to stop different frauds into their information systems. Audience is generally not required to have any background in computer security, since basic definitions will be introduced. It is expected from the audience to be familiar with the basic terms used in data mining. We also assume that numerous officers, researchers, engineers from government, military and federal organizations will be attracted to attend the tutorial on this increasingly important topic for national security.

Bio

Aleksandar Lazarevic is a Research Associate at Army High Performance Computing Research Center, University of Minnesota. His research interests include data mining, parallel and distributed computing as well as intrusion detection. He received B.Sc and M.Sc. degrees in Computer Science and Engineering from University of Belgrade, Yugoslavia in 1994 and 1997 respectively. He received the PhD degree in Computer Science from Temple University in December 2001. During his doctoral studies he has authored around 20 research articles. Starting from January 2002, he is currently leading the project related to applications of data mining for network intrusion detection. He served as a Co-Chair for the Workshop on Data Mining for Cyber Threat Analysis at the IEEE International Conference on Data Mining to be held in Japan in December 2002. He also served as Program Committee member on the same conference, at the Pacific Asia Conference on Knowledge Discovery and Data Mining, 2003 and at the ICML workshop for imbalanced data sets. He is also serving as a Publicity Chair for the Third and Fourth SIAM International Conference on Data Mining. He is a member of IEEE, SIAM and ACM. Contact information: Research Associate, Computer Science Department, University of Minnesota 200 Union Street SE, 4-192, EE/CSci Building, University of Minnesota, Minneapolis, MN 55455 Phone: (612) 626-8096; Fax (612) 626-1596 E-mail: aleks@cs.umn.edu; Web Page: http://www.cs.umn.edu/~aleks

Jaideep Srivastava received his B.Tech. from the Indian Institute of Technology, Kanpur, India, in 1983, and M.S. and Ph.D. from the University of California - Berkeley in 1985 and 1988, respectively. Since 1988 he has been on the faculty of the University of Minnesota, where is a Professor. For over 15 years he has been active as a researcher, educator, and consultant in the areas of databases, data mining, and multimedia. He has established and led a database and multimedia research laboratory, where 16 people have received their doctorate and 37 people have received their masters. Throughout his career Dr. Srivastava has had an active collaboration with the industry, both for collaborative research and technology transfer. Between 1999 and 2001 Dr. Srivastava was on leave from the University of Minnesota, during which period he has spent time at Amazon.com (www.amazon.com) as the Chief Data Mining Architect, and at Yodlee Inc. (www.yodlee.com) as Director of Data Analytics. Dr. Srivastava is an often-invited participant in technical as well as technology strategy forums. He has given more than a hundred talks in various industry, academic, and government forums. He is on the editorial boards of the IEEE Transactions on Knowledge & Data Engineering, and the WWW Journal and has been a guest editor for the Data Mining & Knowledge Discovery Journal. He is the program co-chair for PAKDD 2003 and the conference co-chair for the M2003 data mining conferences. The federal government has solicited his opinion on computer science research as an expert witness. He has served in an advisory role to the governments of India and Chile on various software technologies. He is a senior member of IEEE, and a member of ACM. Contact information: Professor, Computer Science Department, University of Minnesota 200 Union Street SE, 4-192, EE/CSci Building, University of Minnesota, Minneapolis, MN 55455 Phone: (612) 626-8107; Fax (612) 626-1596 E-mail: srivasta@cs.umn.edu;

Vipin Kumar received the B.E. degree in electronics & communication engineering from University of Roorkee, India, in 1977; the M.E. degree in electronics engineering from Philips International Institute, Eindhoven, Netherlands, in 1979; and the Ph.D. degree in computer science from University of Maryland, College Park, in 1982. He is currently Director of Army High Performance Computing Research Center and Professor of Computer Science at the University of Minnesota. Kumar's current research interests include parallel computing, parallel algorithms for scientific computing problems, and data mining. His research has resulted in the development of the concept of isoefficiency metric for evaluating the scalability of parallel algorithms, as well as highly efficient parallel algorithms and software for sparse matrix factorization (PSPACES), graph partitioning (METIS, ParMetis, hMetis) and dense hierarchical solvers. He has authored over 100 research articles, and coedited or coauthored 5 books including the widely used textbook "Introduction to Parallel Computing" (Publ. Benjamin Cummings/Addison Wesley, 1994). Kumar serves on the editorial boards of IEEE Concurrency, Parallel Computing, the Journal of Parallel and Distributed Computing, and served on the editorial board of IEEE Transactions of Data and Knowledge Engineering during 93-97. He is a Fellow of IEEE, a member of SIAM, and ACM. Contact information: Professor, Computer Science Department, University of Minnesota 200 Union Street SE, 4-192, EE/CSci Building, University of Minnesota, Minneapolis, MN 55455 Phone: (612) 624-8023; Fax (612) 625-0572 E-mail: kumar@cs.umn.edu; Web Page: http://www.cs.umn.edu/~kumar