European Intelligence and Security Informatics Conference (EISIC) 2011
September 12-14, 2011
Athens, Greece

The Premier European Conference on Counterterrorism and Criminology

EISIC 2011 Keynote Speech


Professor Bhavani Thuraisingham

Title:
"Data Mining for Malicious Code Detection and Security Applications"


Speaker:
Dr. Bhavani Thuraisingham
Louis A. Beecherl, Jr. Distinguished Professor,
Director of the Cyber Security Research Center,
Department of Computer Science,
Erik Jonsson School of Engineering and Computer Science,
The University of Texas at Dallas, Richardson, Texas

Website: http://www.utdallas.edu/~bxt043000/

Abstract

Data mining is the process of posing queries and extracting patterns, often previously unknown, from large quantities of data using pattern matching or other reasoning techniques. Data mining has many applications in security, including national security as well as cyber security. The threats to national security include attacking buildings and destroying critical infrastructures such as power grids and telecommunication systems. Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is involved with protecting computer and network systems against corruption due to Trojan horses, worms and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing.

The first part of the presentation will discuss my joint research with Prof. Latifur Khan and our students at the University of Texas at Dallas on data mining for cyber security applications. For example, anomaly detection techniques could be used to detect unusual patterns and behaviors. Link analysis may be used to trace viruses to the perpetrators. Classification may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs. Prediction may be used to determine potential future attacks, depending, in a way, on information learned about terrorists through email and phone conversations. Data mining is also being applied for intrusion detection and auditing. Other applications include data mining for malicious code detection, such as worm detection, and managing firewall policies.

The second part of the presentation will discuss the various types of threats to national security and describe data mining techniques for handling such threats. Threats include non-real-time threats and real-time threats. We need to understand the types of threats and also gather good data to carry out mining and obtain useful results. The challenge is to reduce false positives and false negatives.

The third part of the presentation will discuss some of the research challenges. We need some form of real-time data mining; that is, the results have to be generated in real time. We also need to build models in real time for real-time intrusion detection. Data mining is also being applied for credit card fraud detection and biometrics-related applications. While some progress has been made on topics such as stream data mining, there is still a lot of work to be done here. Another challenge is to mine multimedia data, including surveillance video. Finally, we need to maintain the privacy of individuals. Much research has been carried out on privacy-preserving data mining.

In summary, the presentation will provide an overview of data mining, the various types of threats and then discuss the applications of data mining for malicious code detection and cyber security. Then we will discuss the consequences to privacy.

Bhavani Thuraisingham, Ph.D. biography

Dr. Bhavani Thuraisingham is the Louis A. Beecherl, Jr. Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) effective September 2010. She joined UTD in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center which conducts research in data security and privacy, social media, data mining and semantic web. The Center also hosts the newly created Assured Information Sharing Institute with funding from a DoD MURI project. She is an elected Fellow of three professional organizations: the IEEE (Institute for Electrical and Electronics Engineers), the AAAS (American Association for the Advancement of Science) and the BCS (British Computer Society). She is the recipient of numerous prestigious awards including the IEEE Computer Society’s 1997 Technical Achievement Award for “outstanding and innovative contributions to secure data management.”

Prior to joining UTD, Dr. Thuraisingham was an IPA (Intergovernmental Personnel Act) at the National Science Foundation (NSF) in Arlington, VA, from the MITRE Corporation for three years. At NSF she established the Data and Applications Security Program and co-founded the Cyber Trust theme and was involved in interagency activities in data mining for counter-terrorism. She worked at MITRE in Bedford, MA between January 1989 and September 2001, first in the Information Security Center and later as a department head in Data and Information Management as well as Chief Scientist in Data Management in the Intelligence and Air Force centers. At MITRE she led large concurrent team research and development efforts on data management, data mining and data security for NSA, AFRL, SPAWAR, CECOM and CIA. She also served as a technical consultant in information security and data management to the Department of Defense, the Department of Treasury and the Intelligence Community for over 10 years and served as an expert consultant to the Department of Justice on software research credit cases. Thuraisingham’s industry experience includes six years of research and development as well as technology transfer at Control Data Corp. and Honeywell Inc. in Minneapolis.

Dr. Thuraisingham’s work in data management, data mining and data security has resulted in over 100 journal articles, over 200 refereed conference papers and workshops, three US patents and several IP disclosures. She is the author of ten books including one on data mining for counter-terrorism, another on Database and Applications Security and a third on Secure Semantic Service-Oriented Information Systems. She has given over 70 keynote presentations and has given invited talks at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. She has been an instructor at AFCEA’s (Armed Forces Communications and Electronics Association) Professional Development Center since 1998 with students from the DoD, DHS, FBI and the Intelligence Community. She served on panels for the Air Force Scientific Advisory Board and the National Academy of Sciences including one on protecting children from inappropriate content on the Internet chaired by Hon. Dick Thornburgh (former US Attorney General) in 2000. During her six years at UTD, Dr. Thuraisingham has established and leads a strong research program in Assured Information Sharing and Data Mining with funding from agencies such as NSF, AFOSR, IARPA, NGA, NASA, ONR, ARO and NIH as well as corporations such as Raytheon Inc. She teaches courses in data and applications security, trustworthy semantic services and digital forensics and collaborates with the DFW corporations as well as North Texas Regional Computer Forensics Laboratory for student projects.

Dr. Thuraisingham is the founding president of “Bhavani Security Consulting, LLC”, a company providing services in consulting and training in Information Technology to the US federal government. She is also the founder and a member of the board of directors of “Infosec Analytics, LLC”, a spin-off company from UTD developing tools in malware detection and information sharing. She was educated in the United Kingdom, at both the University of Bristol and the University of Wales, with degrees in Mathematics and Computer Science, and she recently completed a Certificate in Terrorism Studies from St. Andrews University, Scotland.