Dynamic data mining for information exploitation

There is now an ever increasing threat to the nation´s cyberspace infrastructure. Cyberterrorists can and have broken into power systems, banking systems, and defense systems, with relative ease. We show how data mining technologies can be exploited in the identification of threats on the Internet. Currently, large data repositories are currently maintained by military organizations which contain Internet addresses of those who access (legitimately or illegitimately) military systems. This information together with additional information from other data sources can be mined so as to identify suspicious `profiles´. A profile consists of sets of rules that define suspicious behavior. Knowledge bases consisting of these profiles can be developed in conjunction with data mining technologies such as case based reasoning, association, clustering, temporal, and similarity reasoning for the purpose of targeting-in advance-potential threats on the Internet. We report on a system called ProfileMiner^TM that we have developed. Using ProfileMiner, users can describe profiles of interest to them. The ProfileMiner system automatically creates similar profiles and alerts the user when an individual or activity precisely matches the profile, or when he matches a “similar” profile. ProfileMiner may also identify other investigators looking at similar profiles, so that investigators are aware of other ongoing parallel investigations