Abstract
This chapter provides an overview of the Minnesota Intrusion Detection System (MINDS), which uses a suite of data mining based algorithms to address different aspects of cyber security. The various components of MINDS, such as the scan detector, anomaly detector and profiling module, detect different types of attacks and intrusions on a computer network. The scan detector aims at detecting scans, which are the precursors to any network attack. The anomaly detection algorithm is very effective in detecting behavioral anomalies in the network traffic which typically translate to malicious activities such as denial-of-service (DoS) traffic, worms, policy violations and inside abuse. The profiling module helps a network analyst to understand the characteristics of the network traffic and detect any deviations from the normal profile. Our analysis shows that the intrusions detected by MINDS are complementary to those of traditional signature based systems, such as SNORT, which implies that they both can be combined to increase overall attack coverage. MINDS has shown great operational success in detecting network intrusions in two live deployments at the University of Minnesota and as a part of the Interrogator architecture at the US Army Research Lab — Center for Intrusion Monitoring and Protection (ARL-CIMP).
Copyright information
© 2007 Springer Science+Business Media, LLC
Cite this chapter
Chandola, V., Eilertson, E., Ertoz, L., Simon, G., Kumar, V. (2007). Minds: Architecture & Design. In: Data Warehousing and Data Mining Techniques for Cyber Security. Advances in Information Security, vol 31. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-47653-7_6
DOI: https://doi.org/10.1007/978-0-387-47653-7_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-26409-7
Online ISBN: 978-0-387-47653-7