24-08-2011, 12:25 PM
1 Introduction
This is a summary of discussions at the Workshop on Data Mining for Security Applications, CCS'01, PA. In this document data mining takes a broad meaning which may, sometimes, include machine learning (ML) and artificial intelligence (AI). Furthermore, forensics and intrusion detection are interchangeable in some contexts. Please note it is beyond the scope of our discussions to provide better definitions of these terms.

It was noted in early discussions that most data mining solutions avoid recognition of simple, effective substitutes in place of sophisticated, computationally intensive data mining techniques. One of the suggestions is that future performance comparisons should include some of these simple, effective methods where appropriate. It was also noted that most data mining techniques do not place enough emphasis on preprocessing and post-processing of datasets. It was emphasized that we should use machine learning techniques to fine-tune input datasets before data mining and should automate decision making after data mining. Authors demonstrated use of data mining for intrusion detection, for identifying denial of service attacks and for forensics.

2 Questions...
Traditionally data mining has solved problems in database systems and bio-informatics – where data mining techniques are still being used successfully to map the genome – and financial engineering. Recently the data mining community started applying similar techniques to existing security problems. “This event provides an opportunity for attendees of the ACM CCS to meet with researchers who are interested in applying data mining techniques to security applications and discuss critical issues of mutual interest during a concentrated period.”

Feel free to edit this document but please let me know what you did so that I can keep my copy fresh. Thanks!

Two fundamental questions were asked and mostly went unanswered in our discussions.
1. Are we trying to solve the right security problem(s)?
Are denial of service and intrusion detection the right problems for data mining, or are there any other security problems where data mining could be more effective (such as cryptanalysis), useful and perhaps preventive? It was suggested that forensics is one of the fields that can use data mining for effective data reduction and for learning new insights or patterns. There were no other suggestions.
2. Do security problems need development of new data mining techniques?
It is hard to answer this question without answering the previous question. We have not yet identified security problems that mandate a whole new data mining approach. However, it was felt strongly among the panel that new data mining techniques will have to be investigated in the near future. One of the suggestions was to investigate techniques used in bio-informatics to solve security problems – especially intrusion detection.

3 Ideas & Opinions
Following is a collection of ideas and opinions that came out of this workshop. Most of them revolve around security problems for which data mining can provide solutions.