1. Data Mining in Cyber Security Intrusion Detection
Presented by : Sagar Deepak Thapa
Guided By : Prof Nagaraju Bogiri
KJ College Of Engineering And Management Research Pune
4072
2. Outline
What is Cyber Security?
What is Cyber Crime?
Applications of Data Mining in Cyber Security.
Intrusion detection.
Why Can Data Mining Help?
Data Mining approaches for Intrusion Detection.
Conclusion.
3. Cyber Security
Set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change,
or destruction.
A major part of Cyber Security is to fix broken software.
[Diagram: Cyber Security, comprising Computer Security System and Network Security System]
5. Cyber Security vs Cyber Crime
[Diagram: Cyber Security and Cyber Crime shown as one side of the coin and the other side of the coin]
6. Applications of Data Mining in Cyber Security
Malware detection.
Intrusion detection.
Fraud detection.
7. Intrusion Detection
The process of monitoring the events occurring in a computer system or
network and analyzing them for signs of intrusion.
8. Intrusion Detection System (IDS)
Combination of software and hardware that attempts to perform
intrusion detection.
Raise the alarm when possible intrusion happens.
Steps:
Monitoring and analyzing traffic.
Identifying abnormal activities.
Assessing severity and raising alarm.
9. Intrusion Detection System Architecture
[Diagram] Components: Information Source - Monitored System; Data gathering (sensors); Detector – ID Engine; Knowledge base; Configuration; Response Component.
Flow labels: Raw data, Events, System State, Alarms, Actions.
10. Goals of Intrusion Detection System (IDS)
Detect wide variety of intrusions.
Detect intrusions in timely fashion.
Present analysis in simple, easy-to-understand format.
Be accurate.
11. Why We Need Intrusion Detection?
Security mechanisms always have inevitable vulnerabilities.
Multiple levels of data confidentiality in commercial and government
organizations need multi-layer protection in firewalls.
12. Why Can Data Mining Help?
Successful applications in related domains, e.g., fraud detection,
fault/alarm management.
Learn from traffic data
Maintain or update models on dynamic data.
Data mining: applying specific algorithms to extract patterns from
data.
From the data-centric point of view, intrusion detection is a data
analysis process.
17. Clustering for Intrusion Detection
Anomaly detection.
Any significant deviations from the expected behavior are reported as
possible attacks.
Build clusters as models for normal activities.
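A sketch of the clustering approach on this slide, added here as an example and not taken from the presentation: clusters are fitted to attack-free traffic, and a sample that lies far from every cluster is reported as a possible attack. The slides do not name an algorithm, so k-means is an assumption, as are the two features and all sample values, which are constructed.

```python
import math
import random

def constructed_normal_traffic(n=200, seed=7):
    """Constructed attack-free samples: (log10 bytes/min, log10 distinct dst ports/min)."""
    rng = random.Random(seed)
    web = [(rng.gauss(4.5, 0.15), rng.gauss(0.3, 0.15)) for _ in range(n)]
    backup = [(rng.gauss(7.0, 0.15), rng.gauss(0.0, 0.15)) for _ in range(n)]
    return web + backup

def nearest_distance(p, centroids):
    """Distance from a sample to the closest cluster centre."""
    return min(math.dist(p, c) for c in centroids)

def kmeans(points, k, iters=20):
    # Deterministic farthest-point initialisation, then Lloyd's iterations.
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: nearest_distance(p, centroids)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, centroids[i]))].append(p)
        # Move each centroid to the mean of its group; keep it if the group is empty.
        centroids = [tuple(sum(x) / len(g) for x in zip(*g)) if g else centroids[i]
                     for i, g in enumerate(groups)]
    return centroids

def fit_normal_model(train, k=2, quantile=0.99):
    """Clusters model normal activity; the threshold is a high quantile of
    the training samples' distance to their nearest centroid."""
    centroids = kmeans(train, k)
    dists = sorted(nearest_distance(p, centroids) for p in train)
    return centroids, dists[min(len(dists) - 1, int(quantile * len(dists)))]

def is_possible_attack(sample, model):
    """Report a significant deviation from every normal cluster."""
    centroids, threshold = model
    return nearest_distance(sample, centroids) > threshold

MODEL = fit_normal_model(constructed_normal_traffic())

if __name__ == "__main__":
    for name, s in [("web-like", (4.5, 0.3)), ("backup-like", (7.0, 0.0)),
                    ("scan-like: few bytes, ~1000 ports", (3.5, 3.0))]:
        print(name, "-> possible attack" if is_possible_attack(s, MODEL) else "-> normal")
```

Because the threshold is set at the 99th percentile of the training distances, roughly 1% of normal traffic is still expected to raise an alarm; the quantile trades false alarms against missed deviations.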
18. Conclusion
Data mining has great potential as a malware detection tool. It allows you
to analyze huge sets of information and extract new knowledge from it.
The main benefit of using data mining techniques for detecting
malicious software is the ability to identify both known and zero-day
attacks.