
February 16, 2006
1065 Kemper Hall
3:10-4:00 p.m.
Ensuring that information resources, including data, computing systems, and data networks, are protected from cyber attacks is of great importance in today's interconnected network computing environments. This talk will provide an overview of the MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota that is developing a suite of data mining techniques to automatically detect novel and emerging attacks against computing networks and systems.
While the long-term objective of MINDS is to address all aspects of intrusion detection, in this talk we focus on two specific aspects. First, we show how the behavior-based anomaly detection approach of MINDS is suitable for detecting new and previously unknown types of intrusions, policy violations, and insider attacks that are hard to detect. Second, we discuss how correlation of information from multiple sources and IDS tools can help detect stealth, multi-step attacks that are difficult to detect otherwise.
MINDS is currently being used to monitor over 40,000 computers at the University of Minnesota. In addition, it is an integral part of the Army's Interrogator architecture, which is used at the Army Research Laboratory's Center for Intrusion Monitoring and Protection to analyze network traffic from Defense Department sites around the country. MINDS routinely detects novel intrusions, policy violations and insider abuses that are missed by other widely used signature-based tools such as SNORT.