How Data Mining is Used for Intrusion Detection
Data mining is the process of examining large volumes of data to uncover patterns, outliers, and changes over time. Intrusion detection is the process of monitoring a network or host for activity that indicates an attack or a policy violation. Each covers a range of techniques, but the two combine well: data mining can supply the models of normal behaviour that let an intrusion detection system (IDS) notice activity a fixed set of rules would miss.
Data mining can strengthen a network intrusion detection system by adding a layer of observation above rule matching: it builds a profile of usual network activity, so the boundary between common and uncommon behaviour is learned from the data rather than written by hand. It contributes to intrusion detection in several ways.
- Code Variants: A signature-based IDS matches known byte patterns, so an exploit whose code has been altered (a buffer-overflow attempt with its padding or shellcode re-encoded, for example) can slip past it even though the attack itself is unchanged. Data mining instead models the behaviour and statistical shape of traffic, so a mutated variant that still looks nothing like the service's normal requests is flagged regardless of the exact bytes it carries.
- Data Reduction: Data mining reduces the volume of raw data a detector or analyst has to consider by aggregating individual records into a smaller set of features chosen for relevance, such as per-host connection counts or distinct destination ports per minute. Working on these summaries rather than on every packet makes deviations easier to spot and cheaper to compute.
- Filter Out Valid Network Activity: Once a baseline of legitimate activity has been learned, traffic that fits it can be filtered out, leaving only the small residue that does not, which makes abnormal activity much easier to find.
- Attacks without Signatures: Because a data-mining approach is not tied to known signatures the way a signature-based IDS is, it can detect attacks for which no signature exists yet. Given a profile of expected behaviour and of the protocol rules in use, a deviation from that profile stands out, and such profiles can be built at several granularities: individual hosts, whole networks, specific users, and overall traffic patterns on the network at particular times.
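As an added illustration of the baseline-profiling, data-reduction and filtering ideas in the list above (example code written for this page, not taken from any IDS product), the Python script below reduces constructed flow records to one feature vector per host and minute, learns a per-host baseline, and reports only the (host, minute) pairs that fall outside it. The flow records, host addresses, thresholds and choice of features are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

Z_THRESHOLD = 3.0   # assumption: a feature more than 3 std devs from its baseline is anomalous
MIN_STD = 1.0       # assumption: floor on std dev so a perfectly constant baseline is not brittle
NUMERIC = ("conns", "distinct_ports", "bytes")


def constructed_flows():
    """Constructed flow records (minute, src_host, dst_port, bytes_sent); not real traffic.
    Minutes 0-9 are the training window, minutes 10-11 the window to be scored."""
    train, test = [], []
    for minute in range(12):
        bucket = train if minute < 10 else test
        n = 3 + (minute % 2)                      # workstation: 3 or 4 web connections a minute
        for i in range(n):
            bucket.append((minute, "10.0.0.5", 443 if i % 2 else 80, 1500 + 100 * i))
        bucket.append((minute, "10.0.0.7", 53, 120))   # server: two DNS lookups and one HTTPS
        bucket.append((minute, "10.0.0.7", 53, 130))
        bucket.append((minute, "10.0.0.7", 443, 2000 + 50 * (minute % 3)))
    # In the last scored minute the server starts a port scan: many short
    # connections to ports it has never used before.
    for port in range(1, 31):
        test.append((11, "10.0.0.7", port, 60))
    return train, test


def extract_features(flows):
    """Data reduction: collapse raw flows into one feature vector per (host, minute)."""
    groups = defaultdict(list)
    for minute, host, port, nbytes in flows:
        groups[(host, minute)].append((port, nbytes))
    return {
        key: {
            "conns": len(recs),
            "distinct_ports": len({p for p, _ in recs}),
            "bytes": sum(b for _, b in recs),
            "ports": {p for p, _ in recs},
        }
        for key, recs in groups.items()
    }


def build_profiles(train_features):
    """Per-host baseline: (mean, std) of each numeric feature plus the set of ports seen."""
    columns = defaultdict(lambda: defaultdict(list))
    ports = defaultdict(set)
    for (host, _), f in train_features.items():
        for name in NUMERIC:
            columns[host][name].append(f[name])
        ports[host] |= f["ports"]
    profiles = {}
    for host, cols in columns.items():
        profiles[host] = {name: (mean(v), max(pstdev(v), MIN_STD)) for name, v in cols.items()}
        profiles[host]["ports"] = ports[host]
    return profiles


def score(test_features, profiles):
    """Return (host, minute, reasons) for vectors outside the host's baseline.
    A host with no baseline is reported too: unknown is not the same as normal."""
    alerts = []
    for (host, minute), f in sorted(test_features.items()):
        prof = profiles.get(host)
        if prof is None:
            alerts.append((host, minute, ["no baseline for host"]))
            continue
        reasons = []
        for name in NUMERIC:
            mu, sd = prof[name]
            z = (f[name] - mu) / sd
            if abs(z) > Z_THRESHOLD:
                reasons.append(f"{name}={f[name]} (z={z:.1f})")
        unseen = f["ports"] - prof["ports"]
        if unseen:
            reasons.append(f"{len(unseen)} ports never seen in baseline")
        if reasons:                      # vectors inside the baseline are filtered out
            alerts.append((host, minute, reasons))
    return alerts


def run():
    """Train on the first window, score the second; returns raw count, reduced count, alerts."""
    train, test = constructed_flows()
    train_f, test_f = extract_features(train), extract_features(test)
    return len(train), len(train_f), score(test_f, build_profiles(train_f))


if __name__ == "__main__":
    raw, reduced, alerts = run()
    print(f"{raw} raw training flows reduced to {reduced} feature vectors")
    for host, minute, reasons in alerts:
        print(f"ALERT {host} minute {minute}: {'; '.join(reasons)}")
```

Run stand-alone it reports 65 raw training flows reduced to 20 feature vectors and a single alert, for the server in minute 11, citing the jump in connection count, distinct ports and bytes as well as the 30 ports absent from its baseline; the workstation's minutes are filtered out because they sit inside its profile. Two design points matter in practice: the std-dev floor keeps a host with perfectly regular traffic from alerting on trivial jitter, and a host absent from the baseline is surfaced rather than silently passed, since "never seen" is exactly the case a profile cannot vouch for.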
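As an added example for the Code Variants and Attacks without Signatures points (written for this page, not the code of any IDS; the "exploit" requests are inert constructed byte strings that merely have the shape of an overflow attempt, not a working exploit), the Python below compares a fixed byte-pattern signature against a behavioural envelope learned from constructed benign HTTP requests. The benign corpus, the NOP-sled signature, the filler bytes, and the two threshold rules are all assumptions made for the example.

```python
import string
from statistics import mean, pstdev

# Constructed benign HTTP requests standing in for a training corpus (not real traffic).
BENIGN_REQUESTS = [
    b"GET / HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\nAccept: text/html\r\n\r\n",
    b"GET /cart?id=42 HTTP/1.1\r\nHost: shop.example\r\nCookie: session=abc123\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 27\r\n\r\nuser=alice&password=hunter2",
    b"GET /images/logo.png HTTP/1.1\r\nHost: shop.example\r\nAccept: image/png\r\n\r\n",
    b"GET /search?q=socks HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: curl/8.0\r\n\r\n",
]

# Signature a rule-based IDS might carry: a run of x86 NOP bytes, the classic sled marker.
NOP_SLED_SIGNATURE = b"\x90" * 8

# Constructed stand-ins for an overflow attempt against the same service. The "payload"
# is inert filler (0xcc), not shellcode; only the size and byte mix of the request matter.
PAYLOAD = b"\xcc" * 40
EXPLOIT_ORIGINAL = b"GET /" + b"\x90" * 200 + PAYLOAD + b" HTTP/1.1\r\n\r\n"
# Variant: the NOP sled is swapped for other filler bytes, as polymorphic exploit
# generators do, so the byte-pattern signature no longer matches. Same attack in kind.
EXPLOIT_VARIANT = b"GET /" + b"\x97\x96" * 100 + PAYLOAD + b" HTTP/1.1\r\n\r\n"

# Bytes a text protocol is expected to carry: printable ASCII plus whitespace/CRLF.
ALLOWED = set(string.printable.encode())


def features(request: bytes):
    """Two cheap behavioural features: request size and share of non-text bytes."""
    nonprint = sum(1 for b in request if b not in ALLOWED)
    return len(request), nonprint / len(request)


def signature_match(request: bytes) -> bool:
    """What a signature IDS does: look for the known byte pattern."""
    return NOP_SLED_SIGNATURE in request


def build_envelope(corpus):
    """Learn the boundary of 'usual' from benign traffic instead of hand-writing it."""
    lens = [features(r)[0] for r in corpus]
    fracs = [features(r)[1] for r in corpus]
    return {
        "max_len": mean(lens) + 3 * max(pstdev(lens), 1.0),  # assumption: 3-sigma upper bound
        "max_nonprint": max(fracs) + 0.05,                   # assumption: small slack over observed
    }


def anomaly_match(request: bytes, envelope) -> bool:
    """Flag anything outside the learned envelope, whatever bytes it happens to use."""
    length, frac = features(request)
    return length > envelope["max_len"] or frac > envelope["max_nonprint"]


def classify(request: bytes, envelope):
    return {"signature": signature_match(request), "anomaly": anomaly_match(request, envelope)}


if __name__ == "__main__":
    env = build_envelope(BENIGN_REQUESTS)
    for label, req in [("original", EXPLOIT_ORIGINAL), ("variant", EXPLOIT_VARIANT)]:
        print(label, classify(req, env))
```

The original request trips both detectors; the variant, with the 0x90 sled replaced, is missed by the signature but still flagged by the envelope because it is several times longer than any benign request and is mostly non-text bytes, neither of which the mutation changed. The caveat a practitioner should keep in mind is that anomaly detection buys resistance to byte-level mutation, not to mimicry: an attacker who can shape a malicious request to look statistically like the benign corpus defeats it, and the envelope also reports only that something is unusual, not what it is.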
Although applying data mining to intrusion detection is a relatively new way of maintaining network security, data mining itself has a long history and serves many purposes, legitimate ones and also reconnaissance by hackers looking for a way to breach a network. The task has also grown harder as organizations run a wider variety of applications on their networks, each with its own traffic patterns; because of that added complexity, some abnormalities exist without being detected by a network intrusion detection system at all.