Abstract
This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature-based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as part of the MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT.
Original language | English (US) |
---|---|
Pages (from-to) | 51-56 |
Number of pages | 6 |
Journal | Proceedings of SPIE - The International Society for Optical Engineering |
Volume | 5101 |
State | Published - 2003 |
Event | Proceedings of SPIE - The International Society for Optical Engineering: Battlespace Digitization and Network-Centric Systems III - Orlando, FL, United States. Duration: Apr 23 2003 → Apr 25 2003 |
Keywords
- Anomaly / outlier detection
- Characterization
- Cyber threat analysis
- Data mining
- Learning from rare classes
- Network intrusion detection