This document discusses the role of data mining in cyber security and intrusion detection. It begins with defining cyber security and cyber crimes. It then discusses how data mining can help with intrusion detection by applying algorithms to network traffic data to identify abnormal activities and security threats. Specifically, it outlines how classification methods like neural networks and clustering can be used to detect malware, build models of normal network behavior, and identify deviations that may indicate security issues. The goal is to use data mining to help detect a wide range of intrusions in a timely manner.

1. Role of Data Mining in
Presented By:
Redwan Ahmed
Md.Jaowad Hasan
Johana Kabir Tisha
Sourav Narayan Koer
Cyber Security

2. Outline
What is Cyber Security?
What is Cyber Crime?
Applications of Data Mining in Cyber Security.
Intrusion detection.
Why Can Data Mining Help?
Data Mining approaches for Intrusion Detection.
Conclusion.
2

3. Cyber Security
Set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change,
or destruction.
AMajor part of Cyber Security
is to fix broken Software.
Cyber
Security
Computer
SecuritySystem
Network
SecuritySystem
3

4. Cyber Crime
Encompasses any criminal act dealing with computers and networks.
Include:
• Malicious programs.
• Illegal imports.
• Computers Vandalism.
4

5. Cyber Security VSCyber Crime
Cyber
SecurityCyber Crime Cyber Security
Cyber
Crime
One side of the
coin
Other side of the
coin
5

6. Applications of Data Mining in Cyber Security
Malware detection.
Intrusion detection.
Fraud detection.
6

7. Intrusion Detection
The process of monitoring the events occurring in a computer system or
network and analyzing them for signs of intrusion.
7

8. Intrusion Detection System (IDS)
Combination of software and hardware that attempts to perform
intrusion detection.
Raise the alarm when possible intrusion happens.
Steps:
 Monitoring and analyzing traffic.
 Identifying abnormal activities.
 Assessing severity and raising alarm.
8

9. Information Source - Monitored System
Detector – ID Engine
Response
Component
Data gathering (sensors)
Raw data
Events
Knowledge base Configuration
Alarms
Actions
System State
System
State
Intrusion Detection System Architecture
9

10. Goals of Intrusion Detection System (IDS)
Detect wide variety of intrusions.
Detect intrusions in timely fashion.
Present analysis in simple, easy-to-understand format.
Be accurate.
10

11. Why WeNeed Intrusion Detection?
Security mechanisms alwayshave inevitable vulnerabilities.
Multiple levels of data confidentiality in commercial and government
organizations needs multi-layer protection in firewalls.
11

12. Why Can Data Mining Help?
 Data mining: applying specific algorithms to extract patterns from
data.
 From the data-centric point view, intrusion detection is a data
analysis process.
 Successful applications in related domains, e.g., fraud detection,
fault/alarm management.
 Learn from traffic data
 Maintain or update models on dynamic data.
12

13. Data Mining approaches for Intrusion Detection
13

14. Classification Methods
 Neural networks.
 Bayesian classification.
 Support vector
machines.
14

15. Email Worm Detection Using Data Mining
Outgoing Emails
Training Data
TestData
Classifier
Feature
Extraction
Machine
Learning
Themodel
Cleanor Infected
15

16. Clustering
Group data into clusters
Clustering Approaches
• K-means
• Hierarchical Clustering
16

17. Clustering for Intrusion Detection
Anomaly detection.
Any significant deviations from the expected behavior are reported as
possible attacks.
Build clusters as models for normal activities.
17

18. Conclusion
Data mining has great potential as a malware detection tool. It allows you
to analyze huge sets of information and extract new knowledge from it.
The main benefit of using data mining techniques for detecting
malicious software is the ability to identify both known and zero-day
attacks.
18