Skip to main content



Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Events

Sal Stolfo

Salvatore J. Stolfo Columbia University
A Brief History of Symbiote DefenseTuesday, October 31st
Rockefeller 003
5:00 PM

 Fright Night Imge

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31st
Sudikoff  045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 


Recent Talks

Dan Wallach

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Ben Miller Dragos

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Brendan Nyhan




Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Dickie George


Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

Dan Wallach

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

ISTS Information Pamphlet



Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA

Data Mining for Detection of Network Intrusions

Project Summary

Data Mining for Intrusion Detection

  1. Stepping Stones: We have focused on the application of data-mining techniques to a particular problem: detecting "stepping stones,'' that is, a situation where someone is telnetting through a sequence of machines. The theory is that while some of these occurrences are innocent, hackers quite frequently use a series of steppingstones to get to their target, in order to minimize the chance that the intrusion can be traced to their home machine.
  2. Masqueraders: Using the recently published Bell-Labs benchmark data, where real users' logs of UNIX commands were modified by using real logs from another user in a small number of places, Mr. Yung investigated the problem of detecting "masqueraders," where one user gets control of the account of another. Yung developed a technique that beats all of the proposed techniques that have been developed for the problem represented by this data. In particular, he gets significantly smaller false-positive rates for a fixed false-negative rate. The big idea is constant revision of what "normal" behavior for a user means, as more data is gathered, and the user's behavior evolves slowly.
  • Project Lead: Jeffrey Ullman (Stanford)