Developing Data Mining Techniques for Intrusion Detection: A Progress Report
Wenke Lee - North Carolina State University
Oct 11, 2000PDF () Size: 222.5MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractIntrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today's network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs.
In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a "toolkit" (rather than a "replacement") for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework.
In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions.
About the SpeakerWenke Lee is an Assistant Professor in the Computer Science Department at North Carolina State University. He received his Ph.D. in Computer Science from Columbia University and B.S. in Computer Science from Zhongshan University, China. His research interests include network security, data mining, and workflow management. He is a Principle Investigator (PI) for research projects in intrusion detection and network management, with funding from DARPA, North Carolina Network Initiatives, Aprisma Management Technologies, and HRL Laboratories.
He received a Best Paper Award (applied research category) at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99), and Honorable Mention (runner-up) for Best Paper Award (applied research category) at both KDD-98 and KDD-97. He is a member of ACM and IEEE.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.