Data Mining for Detection of Network Intrusions
Project Summary
Data Mining for Intrusion Detection
- Stepping Stones: We have focused on the application of data-mining techniques to a particular problem: detecting "stepping stones,'' that is, a situation where someone is telnetting through a sequence of machines. The theory is that while some of these occurrences are innocent, hackers quite frequently use a series of steppingstones to get to their target, in order to minimize the chance that the intrusion can be traced to their home machine.
- Masqueraders: Using the recently published Bell-Labs benchmark data, where real users' logs of UNIX commands were modified by using real logs from another user in a small number of places, Mr. Yung investigated the problem of detecting "masqueraders," where one user gets control of the account of another. Yung developed a technique that beats all of the proposed techniques that have been developed for the problem represented by this data. In particular, he gets significantly smaller false-positive rates for a fixed false-negative rate. The big idea is constant revision of what "normal" behavior for a user means, as more data is gathered, and the user's behavior evolves slowly.
- Project Lead: Jeffrey Ullman (Stanford)
