Download Lecture18 - The University of Texas at Dallas

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
Document related concepts

Computer security wikipedia , lookup

Data Protection Act, 2012 wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Data remanence wikipedia , lookup

Information privacy law wikipedia , lookup

Transcript 
Data and Applications Security
Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #18
Data Mining for Security Applications
March 17, 2005
Outline
 National Security/Cyber Security : Threats and
Countermeasures
 Overview of Data Mining
 Data Mining for National Security/Cyber Security
 Privacy Concerns
Aspects of Counterterrorism
 National Security Measures

Protection from Non-real-time Threats

Protection from Real-time Threats
 Protection from Cyberterrorism
- Cyber security
 Protection from Bioterrorism
 Preventing/Detecting/Containing Terrorist activities
Some National Security Measures
 Border Security
- Protecting National/State Borders
- Protecting Information Flows across borders
- Managing and Mitigating Risks
 First/Emergency Responses
- Detecting attacks (cyber or otherwise) and responding to attacks
in a timely manner
- Containing the damage
 Continued Monitoring and Management
- Manage attacks, lessons learned and prevent future attacks
- Surveillance, vigilance
Protection Objects for National Security
 Services
- Transportation, Financial, Medical, Insurance, Education, - -  Infrastructures
- Telecommunication networks, Power systems, water
supply/tanks/reservoirs
 Information related
- Computing systems and networks, National databases, Financial
databases., Medical databases, - - -
Cyber Security Measures
 Protection from Trojan Horses and Viruses
 Protection from Jamming
 Recovering from network and system failures through malicious
attacks
 Intrusion detection/prevention, auditing
 Secure clients, secure servers, secure networks and protocols,
secure middleware
 Develop and enforce security policies for Intranets and Internet
 Secure collaboration, e-commerce, transactions
 Access control, identification, authentication, nonrepudiation
National Security vs Cyber Security
 Cannot separate the two; Much of the data is now or will be on the
web
 Digital libraries have emerged; semantic web is a matter of time
 Example: Border security measures include physically protecting
the borders as well as protecting information flow across borders
 Transportation security
 Effective cyber security measures could prevent national security
disasters
- e.g., monitoring email and data on the web
Some common threads
 Identify threats and group/classify threats
 Learn from experiences, prior situations
 Develop techniques to prevent attacks
 Develop techniques to detect attacks, deal with attacks in a timely
manner
 Develop techniques to monitor and prevent future attacks
What is Data Mining?
The process of discovering meaningful new correlations, patterns
and trends, often previously unknown, by sifting through large
amounts of data, using pattern recognition, statistical and
mathematical techniques
Information Harvesting
Data Mining
Siftware
Knowledge Discovery
in Databases
Data Pattern Processing
Knowledge Mining
Data Archaeology
Knowledge Extraction
Data Dredging
Database Mining
Steps to Data Mining
Integrate
data
sources
Data sources
Clean/
modify
data
sources
Report/
evaluate
results
Mine
the data
Examine/
prune
results
The cycle may continue; add new data, use different algorithms
What’s going on in data mining?
 What are the technologies for data mining?
- Database management, machine learning, statistics, pattern
recognition, visualization, parallel processing, . . .
 What can data mining do for you?
- Data mining outcomes:
Classification, Clustering, Association,
Anomaly detection, Prediction, Estimation, . . .
 How do you carry out data mining?
- Data mining techniques: Decision trees, Neural networks,
Market-basket analysis, Genetic algorithms, . . .
 What is the current status?
- Many commercial products mine relational databases
 What are some of the challenges?
- Mining unstructured data, extracting useful patterns, web mining
Infrastructure Support for Data Mining
 We can have the best data mining tools, but without the
infrastructure we cannot carry out effective data mining
 Infrastructure includes
- High performance computing systems and networks
- Mass storage systems
- Caches for real-time applications
- Software environments for processing heterogeneous data from
multiple data sources
- Trained personnel
- Management commitment
- ......
Data Mining Needs for Counterterrorism:
Non-real-time Data Mining
 Gather data from multiple sources
- Information on terrorist attacks: who, what, where, when, how
- Personal and business data: place of birth, ethnic origin,
religion, education, work history, finances, criminal record,
relatives, friends and associates, travel history, . . .
- Unstructured data: newspaper articles, video clips, speeches,
emails, phone records, . . .
 Integrate the data, build warehouses and federations
 Develop profiles of terrorists, activities/threats
 Mine the data to extract patterns of potential terrorists and predict
future activities and targets
 Find the “needle in the haystack” - suspicious needles?
 Data integrity is important
 Techniques have to SCALE
Data Mining Needs for Counterterrorism:
Real-time Data Mining
 Nature of data
- Data arriving from sensors and other devices

Continuous data streams
- Breaking news, video releases, satellite images
- Some critical data may also reside in caches
 Rapidly sift through the data and discard unwanted data for later use
and analysis (non-real-time data mining)
 Data mining techniques need to meet timing constraints
 Quality of service (QoS) tradeoffs among timeliness, precision and
accuracy
 Presentation of results, visualization, real-time alerts and triggers
Data Mining Needs for Counterterrorism:
Cybersecurity
 Determine nature of threats and vulnerabilities
- e.g., emails, trojan horses and viruses
 Classify and group the threats
 Profiles of potential cyberterrorist groups and their capabilities
 Data mining for intrusion detection
- Real-time/ near-real-time data mining
- Limit the damage before it spreads
 Data mining for preventing future attacks
 Data mining for Digital forensics and Biometrics
Data Mining Needs for Counterterrorism:
Protection from Bioterrorism
 Determine nature of threats
- Biological weapons and agents, Chemical weapons and agents
 Classify and group the threats
 Identify the types of substances used
 Prevention and detection mechanisms
- Intelligence gathering, detecting symptoms
 Determine actions to be taken to avoid fatal and dangerous
situations
Are general data/web mining techniques
sufficient?
 Does one size fit all?
- Non real-time, real-time, cyber, bio?
 What are the major differences
- e.g., develop models ahead of time for real-time data mining?
- What happens in a very dynamic environment?
 Data mining tasks/outcomes
- Classification, clustering, associations, anomaly detection,
prediction - - - -?
 Data mining techniques
- Which techniques are good for which problems?
Where are we now?
 We have some tools for
- building data warehouses from structured data
- integrating structured heterogeneous databases
- mining structured data
- forming some links and associations
- information retrieval tools
- image processing and analysis
- pattern recognition
- video information processing
- visualizing data
- managing metadata
- intrusion detection and forensics
What are our challenges?
 Do the tools scale for large heterogeneous databases and petabyte
sized databases?
 Integrating structured data with unstructured data
 Extracting metadata from unstructured data
 Indexing unstructured data for efficient access
 Mining unstructured data
 Extracting useful patterns from knowledge-directed data mining
 Rapidly forming links and associations; get the big picture for real-
time data mining
 Mining the web
 Evaluating data mining algorithms
 Building testbeds
Some other data mining applications for
National Security
 Insider Threat analysis
 Preventing/Detecting Money laundering, Drug trafficking, Tax
violations
 Protecting children from inappropriate content on the Internet
- National Academy of Science Panel 2000-2001
Chair: Richard Thornburgh (former U.S. Attorney General)
 Protecting infrastructures, national databases, -.-.-.-
Form a Research Agenda
 Immediate action (0 - 1 year)
- We’ve got to know what our current capabilities are
- Do the commercial tools scale? Do they work only on special
data and limited cases? Do they deliver what they promise?
- Need an unbiased objective study with demonstrations
 At the same time, work on the big picture
- What do we want? What are our end results for the foreseeable
future? What are the criteria for success? How do we evaluate
the data mining algorithms? What testbeds do we build?
 Near-term (1 - 3 years)
- Leverage current research
- Fill the gaps in a goal-directed way
 Long-term research (3 - 5 years and beyond)
- 5-year
basic research plan for data mining for counterterrorism
IN SUMMARY:
 Data Mining is very useful to solve Security Problems
- Data mining tools could be used to examine audit data
-
-
and flag abnormal behavior
Much recent work in Intrusion detection
 e.g., Neural networks to detect abnormal patterns
Tools are being examined to determine abnormal patterns
for national security
 Classification techniques, Link analysis
Fraud detection
 Credit cards, calling cards, identity theft etc.
BUT CONCERNS FOR PRIVACY
Some Privacy concerns
 Medical and Healthcare
- Employers, marketers, or others knowing of private medical
concerns
 Security
- Allowing access to individual’s travel and spending data
- Allowing access to web surfing behavior
 Marketing, Sales, and Finance
- Allowing access to individual’s purchases
Data Mining as a Threat to Privacy
 Data mining gives us “facts” that are not obvious to human analysts
of the data
 Can general trends across individuals be determined without
revealing information about individuals?
 Possible threats:
Combine collections of data and infer information that is private
 Disease information from prescription data
 Military Action from Pizza delivery to pentagon
 Need to protect the associations and correlations between the data
that are sensitive or private
-
Some Problems and Solutions
 Problem: Privacy violations that result due to data mining
- Potential solution: Privacy-preserving data mining
 Problem: Privacy violations that result due to the Inference problem
- Inference is the process of deducing sensitive information from
the legitimate responses received to user queries
- Potential solution: Privacy Constraint Processing
 Problem: Privacy violations due to un-encrypted data
- Potential solution: Encryption at different levels
 Problem: Privacy violation due to poor system design
- Potential solution: Develop methodology for designing privacyenhanced systems
Some Directions:
Privacy Preserving Data Mining
 Prevent useful results from mining
- Introduce “cover stories” to give “false” results
- Only make a sample of data available so that an adversary is
unable to come up with useful rules and predictive functions
 Randomization
- Introduce random values into the data and/or results
- Challenge is to introduce random values without significantly
affecting the data mining results
- Give range of values for results instead of exact values
 Secure Multi-party Computation
- Each party knows its own inputs; encryption techniques used to
compute final results
Some Directions:
Privacy Controllers
 Privacy controller
- Augment a database system with a privacy controller for
constraint processing
- Content-based constraint: If document contains
information about X, then it is private
Association-based Constraint: Two or more documents
taken together is private; individually each document is
public
- Release constraint: After X is released Y becomes private
 Use of conceptual structures
- Design applications with privacy in mind
-
Architecture for Privacy
Constraint Processing
User Interface Manager
Privacy
Constraints
Constraint
Manager
Query Processor:
Constraints during
query and release
operations
DBMS
Database Design
Tool
Update
Processor:
Constraints during
database design
operation
Constraints
during update
operation
Database
Related documents
No Slide Title
No Slide Title
601323 Data Mining
601323 Data Mining
MKT 341 – Marketing Research
MKT 341 – Marketing Research
Special session on the social network mining and analysis
Special session on the social network mining and analysis
Big Data Mining: Frequent items and deep learning
Big Data Mining: Frequent items and deep learning
Principles of Data Mining. (2001) David Hand, Heikki Mannila, and
Principles of Data Mining. (2001) David Hand, Heikki Mannila, and
EDUCATIONAL DATA MINING
EDUCATIONAL DATA MINING
Data Mining and the Web
Data Mining and the Web
Database Management Systems (COSC 340H)
Database Management Systems (COSC 340H)
Read More
Read More
No Slide Title
No Slide Title
Presentation_Moses_L..
Presentation_Moses_L..
Knowledge Management
Knowledge Management