How Data Mining is Used for Intrusion Detection

Data mining is the process of examining data to uncover patterns and deviations, and to determine what changes or events have taken place within the data. Intrusion detection is the process of securing a network infrastructure by scanning the network for suspicious activity. There are many different data mining and intrusion detection processes; the two methods can, however, work together efficiently to provide network security.

How Data Mining is Used for Intrusion Detection

Data mining can improve a network intrusion detection system by adding a new level of observation to the detection of deviations in network data. It provides an extra level of intrusion detection by identifying the boundaries of usual network activity, so that common activities can be distinguished from uncommon ones. Data mining significantly improves intrusion detection using a variety of methods.

  • Code Variants: Unlike signature-based intrusion detection, data mining scans for abnormal activity by recognising variants of attack code rather than matching unique signatures. For example, a buffer overflow whose code has been altered to escape a signature-based intrusion detection system would still be considered an exploit.

  • Data Reduction: Data mining can significantly reduce data overload through its capability to extract specific subsets of data for identification and analysis. This helps the system determine which data is most relevant and breaks it down so that anomalies are easier to spot.

  • Filter Out Valid Network Activity: Data mining helps intrusion detection by better identifying valid network activity and filtering it out, making abnormal activity in the data easier to detect.

  • Attacks without Signatures: Since data mining is not signature-based like intrusion detection, it is more efficient at detecting abnormalities for which no signature exists. If a profile of normal network activity and its protocol rules has been established, an abnormality is easily detected, and the approach can be extended to individual hosts, entire networks, specific users, and overall traffic patterns on the network at specific times.
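The data-reduction and profile-based detection ideas in the list above, as an added example that is not code from the original article: constructed flow records (host, destination port, bytes per time window) are reduced to a few features per host and window, a per-host baseline of usual activity is built from several windows, and a later window is flagged when a feature deviates from that baseline by more than a chosen number of standard deviations. No attack signature is involved; the hosts, ports, windows and thresholds are all invented for the illustration.

```python
"""Profile-based anomaly detection over flow records (added example).

Raw records are reduced to per-(host, window) feature vectors, a per-host
profile of usual activity is built from the baseline windows, and observed
windows are scored by how far each feature departs from that profile.
"""
from collections import defaultdict
from statistics import mean, pstdev


def _flows(window, host, ports, bytes_each):
    """Build constructed records of the form 'window src_host dst_port bytes'."""
    return [f"{window} {host} {p} {bytes_each}" for p in ports]


# Constructed baseline: five windows of ordinary behaviour for two hosts.
# Values are invented for this example, not taken from any real capture.
BASELINE_RECORDS = []
for window, ports in [
    ("w1", [443, 443, 443, 53, 53, 80]),
    ("w2", [443, 443, 53, 80, 80]),
    ("w3", [443, 443, 443, 443, 53, 80, 80]),
    ("w4", [443, 53, 53, 80]),
    ("w5", [443, 443, 443, 53, 80, 80, 80, 80]),
]:
    BASELINE_RECORDS += _flows(window, "10.0.0.5", ports, 1500)
for window, ports in [
    ("w1", [443, 443, 22, 53]),
    ("w2", [443, 22, 53]),
    ("w3", [443, 443, 443, 22]),
    ("w4", [443, 22, 22, 53, 53]),
    ("w5", [443, 443, 53]),
]:
    BASELINE_RECORDS += _flows(window, "10.0.0.9", ports, 900)

# Constructed observation window: one host behaves as usual, one host suddenly
# touches forty distinct ports with tiny flows, and one host has no history.
OBSERVED_RECORDS = (
    _flows("w6", "10.0.0.5", [443, 443, 53, 80], 1500)
    + _flows("w6", "10.0.0.9", list(range(1, 41)), 60)
    + _flows("w6", "10.0.0.77", [445], 300)
)

FEATURES = ("flows", "distinct_ports", "bytes")


def reduce_records(records):
    """Data reduction: collapse raw records into per-(host, window) feature vectors."""
    acc = defaultdict(lambda: {"flows": 0, "ports": set(), "bytes": 0})
    for line in records:
        window, host, port, nbytes = line.split()
        entry = acc[(host, window)]
        entry["flows"] += 1
        entry["ports"].add(int(port))
        entry["bytes"] += int(nbytes)
    return {
        key: {"flows": e["flows"], "distinct_ports": len(e["ports"]), "bytes": e["bytes"]}
        for key, e in acc.items()
    }


def build_profile(records):
    """Boundaries of usual activity per host: mean and std-dev of each feature across windows."""
    per_host = defaultdict(lambda: defaultdict(list))
    for (host, _window), feats in reduce_records(records).items():
        for name in FEATURES:
            per_host[host][name].append(feats[name])
    return {
        host: {name: (mean(vals), pstdev(vals)) for name, vals in f.items()}
        for host, f in per_host.items()
    }


def score_window(profile, records, threshold=3.0):
    """Flag (host, window) pairs whose features leave the host's usual range.

    Deviation is measured in standard deviations. The sigma floor (10% of the
    mean, at least 1) stops a host with a perfectly constant history from
    turning every small change into an extreme score. Hosts with no profile
    are reported as unknown rather than silently ignored.
    """
    alerts = {}
    for (host, window), feats in reduce_records(records).items():
        if host not in profile:
            alerts[(host, window)] = {"reason": "unknown host"}
            continue
        deviations = {}
        for name in FEATURES:
            mu, sigma = profile[host][name]
            z = (feats[name] - mu) / max(sigma, 0.1 * abs(mu), 1.0)
            if abs(z) >= threshold:
                deviations[name] = round(z, 1)
        if deviations:
            alerts[(host, window)] = deviations
    return alerts


if __name__ == "__main__":
    for key, devs in score_window(build_profile(BASELINE_RECORDS), OBSERVED_RECORDS).items():
        print(key, devs)
```

Running the block reports only the host whose flow count and distinct-port count jumped far outside its history, plus the host with no profile; the host that stayed within its usual range is not reported. The threshold, the sigma floor and the choice of features are the tuning knobs a practitioner would adjust against a real baseline, since they decide how much ordinary variation is tolerated before an alert is raised.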

Although data mining in intrusion detection is a fairly new method of maintaining network security, the data mining technique itself has been around for a long time and serves a variety of purposes, both legitimate uses and malicious ones by hackers trying to breach network security. Additionally, the concept of data mining has become more complex with the increased variety of applications currently used on an organization's network. Because of this increased complexity, abnormalities can exist without being detected by a network intrusion detection system.

