Minds: Architecture & Design

Varun Chandola, Eric Eilertson, Levent Ertoz, Gyorgy J Simon, Vipin Kumar

Research output: Chapter in Book/Report/Conference proceedingChapter

3 Scopus citations


This chapter provides an overview of the Minnesota Intrusion Detection System (MINDS), which uses a suite of data mining based algorithms to address different aspects of cyber security. The various components of MINDS such as the scan detector, anomaly detector and the profiling module detect different types of attacks and intrusions on a computer network. The scan detector aims at detecting scans which are the percusors to any network attack. The anomaly detection algorithm is very effective in detecting behavioral anomalies in the network traffic which typically translate to malicious activities such as denial-of-service (DoS) traffic, worms, policy violations and inside abuse. The profiling module helps a network analyst to understand the characteristics of the network traffic and detect any deviations from the normal profile. Our analysis shows that the intrusions detected by HINDS are complementary to those of traditional signature based systems, such as SNORT, which implies that they both can be combined to increase overall attack coverage. MINDS has shown great operational success in detecting network intrusions in two live deployments at the University of Minnesota and as a part of the Interrogator architecture at the US Army Research Lab - Center for Intrusion Monitoring and Protection (ARL-CIMP).

Original languageEnglish (US)
Title of host publicationData Warehousing and Data Mining Techniques for Cyber Security
PublisherSpringer New York LLC
Number of pages25
ISBN (Print)9780387264097
StatePublished - 2007

Publication series

NameAdvances in Information Security
ISSN (Print)1568-2633


  • anomaly detection
  • network intrusion detection
  • profiling
  • scan detection
  • summarization


Dive into the research topics of 'Minds: Architecture & Design'. Together they form a unique fingerprint.

Cite this