12-11-2012, 04:32 PM
Data Mining for Malicious Code Detection and Security Applications
Data Mining for Malicious.pdf (Size: 165.09 KB / Downloads: 45)
Abstract:
Data mining is the process of posing queries and extracting patterns, often previously unknown, from large quantities of data using pattern matching or other reasoning techniques. Data mining has many applications in security, both for national security and for cyber security. The threats to national security include attacking buildings and destroying critical infrastructure such as power grids and telecommunication systems. Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is concerned with protecting computer and network systems against corruption by Trojan horses, worms and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing.
The first part of the presentation will discuss my joint research with Prof. Latifur Khan and our students at the University of Texas at Dallas on data mining for cyber security applications. For example, anomaly detection techniques could be used to detect unusual patterns and behaviors. Link analysis may be used to trace viruses back to the perpetrators. Classification may be used to group various cyber attacks and then use the resulting profiles to detect an attack when it occurs. Prediction may be used to determine potential future attacks, based in part on information learned about terrorists through email and phone conversations. Data mining is also being applied for intrusion detection and auditing. Other applications include data mining for malicious code detection, such as worm detection, and managing firewall policies.
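As an added illustration of two of the techniques the abstract names (it is not code from the talk or its authors), the script below builds per-class "profiles" from labelled connection records and classifies a new record by its nearest profile, then separately flags records that sit far from the normal profile as anomalies. The records, the feature layout (duration_s, bytes_sent, bytes_received, failed_logins), the class labels and the threshold are all constructed for illustration.

```python
import math

# Constructed, labelled training records: (features, label).
TRAINING = [
    ((1.0, 500, 20000, 0), "normal"),
    ((2.0, 800, 30000, 0), "normal"),
    ((1.5, 600, 25000, 1), "normal"),
    ((0.1, 100, 100, 25), "brute_force"),
    ((0.2, 120, 90, 30), "brute_force"),
    ((30.0, 90000, 300, 0), "exfil"),
    ((25.0, 80000, 200, 0), "exfil"),
]

def zscore_params(records):
    """Per-feature mean and population stddev, so byte counts and login
    counts are compared on the same scale."""
    cols = list(zip(*(feats for feats, _ in records)))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return means, stds

def normalise(feats, means, stds):
    return [(x - m) / s for x, m, s in zip(feats, means, stds)]

def build_profiles(records, means, stds):
    """Classification step: group the labelled records and summarise each
    class (normal or a kind of attack) as a centroid, its 'profile'."""
    grouped = {}
    for feats, label in records:
        grouped.setdefault(label, []).append(normalise(feats, means, stds))
    return {label: [sum(c) / len(c) for c in zip(*vecs)]
            for label, vecs in grouped.items()}

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def classify(feats, profiles, means, stds):
    """Nearest-profile classification: (label, distance to that profile)."""
    v = normalise(feats, means, stds)
    return min(((lab, distance(v, c)) for lab, c in profiles.items()),
               key=lambda t: t[1])

def is_anomalous(feats, profiles, means, stds, threshold=2.0):
    """Anomaly detection step: flag records far from the normal profile even
    when no known attack profile matches. The threshold is a constructed value."""
    return distance(normalise(feats, means, stds), profiles["normal"]) > threshold

MEANS, STDS = zscore_params(TRAINING)
PROFILES = build_profiles(TRAINING, MEANS, STDS)
```

The two steps complement each other: classification only recognises attack types it has profiles for, while the anomaly check still raises a record that matches none of them.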