Wenke Lee, Developing Data Mining Techniques for Intrusion Detection: A Progress Report episode artwork

EPISODE · Oct 11, 2000 · 1H

Wenke Lee, Developing Data Mining Techniques for Intrusion Detection: A Progress Report

from CERIAS Weekly Security Seminar - Purdue University

Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today's network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs. In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a "toolkit" (rather than a "replacement") for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework. In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions. About the speaker: Wenke Lee is an Assistant Professor in the Computer Science Department at North Carolina State University. He received his Ph.D. in Computer Science from Columbia University and B.S. in Computer Science from Zhongshan University, China. His research interests include network security, data mining, and workflow management. He is a Principle Investigator (PI) for research projects in intrusion detection and network management, with funding from DARPA, North Carolina Network Initiatives, Aprisma Management Technologies, and HRL Laboratories. He received a Best Paper Award (applied research category) at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99), and Honorable Mention (runner-up) for Best Paper Award (applied research category) at both KDD-98 and KDD-97. He is a member of ACM and IEEE.

Episode metadata supplied by the publisher feed · Published Oct 11, 2000

Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the complexities of today's network environments and the lack of IDS development tools. Our research aims to systematically improve the development process of IDSs. In the first half of the talk, I will describe our data mining framework for constructing ID models. This framework mines activity patterns from system audit data and extracts predictive features from the patterns. It then applies machine learning algorithms to the audit records, which are processed according to the feature definitions, to generate intrusion detection rules. This framework is a "toolkit" (rather than a "replacement") for the IDS developers. I will discuss the design and implementation issues in utilizing expert domain knowledge in our framework. In the second half of the talk, I will give an overview of our current research efforts, which include: cost-sensitive analysis and modeling techniques for intrusion detection; information-theoretic approaches for anomaly detection; and correlation analysis techniques for understanding attack scenarios and early detection of intrusions. About the speaker: Wenke Lee is an Assistant Professor in the Computer Science Department at North Carolina State University. He received his Ph.D. in Computer Science from Columbia University and B.S. in Computer Science from Zhongshan University, China. His research interests include network security, data mining, and workflow management. He is a Principle Investigator (PI) for research projects in intrusion detection and network management, with funding from DARPA, North Carolina Network Initiatives, Aprisma Management Technologies, and HRL Laboratories. He received a Best Paper Award (applied research category) at the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-99), and Honorable Mention (runner-up) for Best Paper Award (applied research category) at both KDD-98 and KDD-97. He is a member of ACM and IEEE.

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Wenke Lee, Developing Data Mining Techniques for Intrusion Detection: A Progress Report

0:00 1:00:26

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of CERIAS Weekly Security Seminar - Purdue University?

This episode is 1 hour and 0 minutes long.

When was this CERIAS Weekly Security Seminar - Purdue University episode published?

This episode was published on October 11, 2000.

What is this episode about?

Intrusion detection (ID) is an important component of infrastructure protection mechanisms. Intrusion detection systems (IDSs) need to be accurate, adaptive, extensible, and cost-effective. These requirements are very challenging because of the...

Can I download this CERIAS Weekly Security Seminar - Purdue University episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!