University of Minnesota
University Relations
http://www.umn.edu/urelate
612-624-6868
myU OneStop


Go to unit's home.

Home | Seminars and Symposia | Past seminars/symposia: Wednesday, March 26, 2003

DTC Seminar Series

MINDS: Data Mining Based Network Intrusion Detection System

by

Vipin Kumar
Army High-Performance Computing Research Center
and Department of Computer Science and Engineering
University of Minnesota

Wednesday, March 26, 2003
1:00 pm

402 Walter Library

This talk will provide an overview of the MINDS (Minnesota Intrusion Detection System) project at the AHPCRC that is developing a suite of data mining techniques to automatically detect novel and emerging attacks against computer networks and systems. While the long-term objective of MINDS is to address all aspects of intrusion detection, this talk will focus on two specific aspects. First, Professor Vipin Kumar will show how the behavior-based anomaly detection approach of MINDS is suitable for detecting new and previously unknown types of intrusions, which often indicate emerging threats. Second, he will show how association pattern analysis can be used to summarize and characterize anomalous network connections. Given the very high volume of connections observed per unit time, such characterization of novel attacks is essential in enabling a security analyst to understand emerging threats. The University of Minnesota network security analyst, Paul Dokas, has been using MINDS in a production mode successfully to detect novel intrusions that could not be identified using state-of-the-art signature-based tools such as SNORT. Many of these attacks detected by MINDS, have already been on the CERT/CC list of recent advisories and incident notes. Summarization of anomalous connections using association pattern analysis has been very helpful in understanding the nature of cyber attacks as well as in creating new signature rules for intrusion detection systems.

 

Vipin Kumar is the Director of Army High Performance Computing Research Center and Professor of Computer Science at the University of Minnesota. Professor Kumar's research has resulted in the development of the concept of isoefficiency metric for evaluating the scalability of parallel algorithms, as well as state-of-the-art software for sparse matrix factorization (PSPASES) and graph partitioning (METIS, ParMetis, hMetis). He is currently investigating application of high-performance data mining to global climate modeling and cyber security. Professor Kumar has authored over 150 research articles, and co-edited or co-authored seven books including the widely used textbook Introduction to Parallel Computing and Data Mining for Scientific and Engineering Applications. Professor Kumar serves as the steering committee chair for the SIAM International Conference on Data Mining.