Skip to main content

Home

 

Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Events

Sal Stolfo

Salvatore J. Stolfo Columbia University
A Brief History of Symbiote DefenseTuesday, October 31st
Rockefeller 003
5:00 PM

 Fright Night Imge

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31st
Sudikoff  045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 

   

Recent Talks

Dan Wallach

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Ben Miller Dragos

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Brendan Nyhan

 

 

 

Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Dickie George

 

Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

Dan Wallach

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

ISTS Information Pamphlet


2012BrochureCover

 

Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu

Data Mining for Detection of Network Intrusions

Project Summary

Data Mining for Intrusion Detection

  1. Stepping Stones: We have focused on the application of data-mining techniques to a particular problem: detecting "stepping stones,'' that is, a situation where someone is telnetting through a sequence of machines. The theory is that while some of these occurrences are innocent, hackers quite frequently use a series of steppingstones to get to their target, in order to minimize the chance that the intrusion can be traced to their home machine.
  2. Masqueraders: Using the recently published Bell-Labs benchmark data, where real users' logs of UNIX commands were modified by using real logs from another user in a small number of places, Mr. Yung investigated the problem of detecting "masqueraders," where one user gets control of the account of another. Yung developed a technique that beats all of the proposed techniques that have been developed for the problem represented by this data. In particular, he gets significantly smaller false-positive rates for a fixed false-negative rate. The big idea is constant revision of what "normal" behavior for a user means, as more data is gathered, and the user's behavior evolves slowly.
  • Project Lead: Jeffrey Ullman (Stanford)