DocumentCode
2141406
Title
Data mining for security applications: Mining concept-drifting data streams to detect peer to peer botnet traffic
Author
Thuraisingham, Bhavani
Author_Institution
Univ. of Texas at Dallas, Dallas, TX
fYear
2008
fDate
17-20 June 2008
Abstract
The presentation first provides an overview of data mining for security applications and then discusses our research on the botnet problem, which follows from an important observation: network traffic (as well as botnet traffic) is a continuous stream of data. Conventional data mining techniques are not directly applicable to stream data because of two vital problems associated with such data: it is potentially infinite in length, and it exhibits concept drift. We propose a technique that can efficiently handle both problems. Our main focus is to adapt three major data mining techniques (classification, clustering, and outlier detection) to handle stream data. Our preliminary study on the development of new stream classification techniques for P2P botnet detection has generated encouraging results. In addition to botnet detection, we also discuss our research on data mining for malicious code detection and intrusion detection.
Keywords
data mining; pattern classification; pattern clustering; peer-to-peer computing; security of data; classification technique; clustering technique; concept-drifting data stream mining; data mining; intrusion detection; malicious code detection; network traffic; outlier detection technique; peer to peer botnet traffic; security applications; Application software; Computer crime; Computer industry; Computer science; Computer security; Data mining; Data security; Information security; Intrusion detection; Telecommunication traffic;
fLanguage
English
Publisher
IEEE
Conference_Titel
Intelligence and Security Informatics, 2008. ISI 2008. IEEE International Conference on
Conference_Location
Taipei
Print_ISBN
978-1-4244-2414-6
Electronic_ISBN
978-1-4244-2415-3
Type
conf
DOI
10.1109/ISI.2008.4565013
Filename
4565013