Institute for Security Technology Studies (ISTS)
      
Dartmouth College | Institute for Security Technology Studies
Cyber and Homeland Security Research & Development
Project Archives
Data Mining for Detection of Network Intrusions
Project Summary:

Data Mining for Intrusion Detection

1.  Stepping Stones:  We have focused on applying data-mining techniques to one particular problem: detecting "stepping stones," that is, situations where someone is telnetting through a sequence of machines.  The theory is that while some of these occurrences are innocent, hackers quite frequently use a series of stepping stones to get to their target, in order to minimize the chance that the intrusion can be traced to their home machine.

2.  Masqueraders:  Mr. Yung investigated the problem of detecting "masqueraders," where one user gets control of the account of another, using the recently published Bell Labs benchmark data, in which real users' logs of UNIX commands were modified in a small number of places by using real logs from another user.  Yung developed a technique that beats all of the techniques that have been proposed for the problem represented by this data.  In particular, he gets significantly smaller false-positive rates for a fixed false-negative rate.  The big idea is to constantly revise what "normal" behavior for a user means as more data is gathered and the user's behavior slowly evolves.

Project Lead:

Jeffrey Ullman (Stanford)



Copyright © 2003-2007 Trustees of Dartmouth College