DocumentCode
2129695
Title
Actionable Knowledge Discovery for Threats Intelligence Support Using a Multi-dimensional Data Mining Methodology
Author
Thonnard, Olivier ; Dacier, Marc
Author_Institution
Polytech. Fac., R. Mil. Acad., Brussels
fYear
2008
fDate
15-19 Dec. 2008
Firstpage
154
Lastpage
163
Abstract
This paper describes a multi-dimensional knowledge discovery and data mining (KDD) methodology that aims at discovering actionable knowledge related to Internet threats, taking into account domain expert guidance and the integration of domain-specific intelligence during the data mining process. The objectives are twofold: i) to develop global indicators for assessing the prevalence of certain malicious activities on the Internet, and ii) to get insights into the modus operandi of new emerging attack phenomena, so as to improve our understanding of threats. In this paper, we first present the generic aspects of a domain-driven graph-based KDD methodology, which is based on two main components: a clique-based clustering technique and a concepts synthesis process using cliques´ intersections. Then, to evaluate the applicability of this approach to our application domain, we use a large dataset of real-world attack traces collected since 2003. Our experimental results show that significant insights can be obtained into the domain of threat intelligence by using this multi-dimensional knowledge discovery method.
Keywords
Internet; data mining; security of data; Internet threats; clique-based clustering technique; domain-specific intelligence; knowledge discovery; multi-dimensional data mining methodology; threats intelligence support; Computer worms; Computerized monitoring; Conferences; Data mining; Data security; Electronic mail; IP networks; Internet; Intrusion detection; Marketing and sales; Internet threat intelligence; domain-driven data mining; knowledge discovery;
fLanguage
English
Publisher
ieee
Conference_Titel
Data Mining Workshops, 2008. ICDMW '08. IEEE International Conference on
Conference_Location
Pisa
Print_ISBN
978-0-7695-3503-6
Electronic_ISBN
978-0-7695-3503-6
Type
conf
DOI
10.1109/ICDMW.2008.78
Filename
4733933
Link To Document