"IDS + Data Mining = More Advanced Detection."
The acts of terrorism committed on 9/11 have forced the United States government to rethink how it looks at all of the various data sources within the government and in the private sector, and in particular how it detects system intrusions, evaluates the threats, and reacts to them.

The major issue with developing a system or process for monitoring and evaluating intrusions is the massive amount of data, drawn from multiple sources, and how to derive some meaning from that data.

The intelligence and variety of techniques used by hackers to infiltrate a system or cause a system disruption create many problems for the system administrator. Poring through massive volumes of data in an attempt to spot an intrusion is nearly impossible. If the attack is intelligent and staged in such a way that it happens over time, the intrusion might go completely unnoticed until after the damage is done. Additionally, reviewing logs only gives you an indication of an attack after the fact, or while the attack is still occurring.

Early detection of an attack requires the use of sophisticated Intrusion Detection Systems (IDS). A basic Intrusion Detection System can monitor the processes and resources of a computer system for behavior that deviates from "normal" activity, and provide useful evidence that can be used to find the origin of the intrusion.

Data mining has been identified as the key technology in the development of new, more sophisticated intrusion detection systems. Various government agencies have already begun to use data mining techniques to aid in the extraction and analysis of large data sets.

This website introduces the concepts of infrastructure security, types of intrusions, Intrusion Detection Systems, and the use of data mining techniques to evaluate large amounts of system log and network data to create a more advanced Intrusion Detection System.
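As an added example (not code from the original site), the following Python sketch shows the idea behind the log analysis described above: it parses sshd-style authentication lines and counts failed logins per source over a sliding time window, so that a slow, staged probe which looks like isolated failures under per-event review stands out once the window is widened. The log lines, hosts, usernames and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not real data): one source fails a
# login roughly once an hour; a legitimate user mistypes once, then succeeds.
SAMPLE_LOG = """\
2024-03-01T00:05:10 sshd: Failed password for admin from 10.0.0.7
2024-03-01T01:07:44 sshd: Failed password for admin from 10.0.0.7
2024-03-01T02:14:01 sshd: Failed password for root from 10.0.0.7
2024-03-01T03:09:30 sshd: Failed password for admin from 10.0.0.7
2024-03-01T04:22:51 sshd: Failed password for admin from 10.0.0.7
2024-03-01T05:18:12 sshd: Failed password for root from 10.0.0.7
2024-03-01T09:12:02 sshd: Failed password for alice from 10.0.0.5
2024-03-01T09:12:09 sshd: Accepted password for alice from 10.0.0.5
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<src>\S+)$")

def parse_events(text):
    """Turn raw log text into (timestamp, user, source, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not authentication events are skipped
            events.append((datetime.fromisoformat(m["ts"]), m["user"],
                           m["src"], m["result"] == "Accepted"))
    return events

def sources_exceeding(events, window_seconds, threshold):
    """Sources with at least `threshold` failed logins inside any sliding
    window of `window_seconds`; the window length decides whether a slow,
    staged probe is visible at all."""
    window = timedelta(seconds=window_seconds)
    fails = defaultdict(list)
    for ts, _user, src, ok in events:
        if not ok:
            fails[src].append(ts)
    flagged = set()
    for src, times in fails.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged
```

With a five-minute window and a threshold of three, the hourly failures from 10.0.0.7 never trip the rule; with a 24-hour window and a threshold of five, that source is flagged while the single mistyped password from 10.0.0.5 is not.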