CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Developing Custom Intrusion Detection Filters Using Data Mining

Chris Clifton

Chris Clifton - The MITRE Corporation

Dec 10, 1999


Detecting intrusions requires analyzing vast amounts of network traffic. Data mining technology exists to analyze vast amounts of data. The connection appears obvious; as evidenced by the recent KDD'99 classifier learning contest. In this talk, I will discuss possible applications of data mining to intrusion detection, and highlight possible pitfalls.

We are approaching this from the perspective that we must build on, not supplant, existing intrusion detection work. I will present an overview of and preliminary results from a new project in this area. We are using generalized frequent episodes to analyze intrusion detection system output. This will enable development of site-specific filters to reduce the flow of information from intrusion detection systems to manageable levels.

About the Speaker

Dr. Clifton is a Principal Scientist in the Information Technology Center at MITRE. He received his Ph.D. from Princeton University in 1991, and his Bachelor's and Master's degrees from the Massachusetts Institute of Technology in 1986. Prior to joining MITRE in 1995, he was an Assistant Professor of Computer Science at Northwestern University. His research interests include data mining, database support for text, and heterogeneous databases.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.