Security and Data Mining: Data Mining for Security and Data Privacy

Data mining for (cyber)security

Service Specific Anomaly Detection for Network Intrusion Detection
  • Paper: PDF
  • For an HTTP request to a webserver, the type of service can be GET, HEAD or POST, and the request contains parameters like the URL or the type of browser the user runs. For DNS, a service request is usually a single packet that contains the DNS name which should be resolved or an IP address that needs to be mapped to a DNS name.
  • Anomaly detection identifies attacks based on deviations from the established profiles of normal activities. Activities whose deviations exceed the thresholds are detected as attacks. Misuse detection has a low false positive rate, but cannot detect new types of attacks.
  • Properties of a request used to determine its anomaly score: 1) type of request, 2) length of request, 3) payload distribution.
  • The anomaly score is a value that specifies the extent of the deviation of the received request from the expected values specified by the profile, as follows:
    $AS = 0.3 * AS_{type} + 0.3 * AS_{len} + 0.4 * AS_{pd}$.
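
The weighted score above, carried through on a small profile, as an added example that is not code from the paper. Only the weights 0.3/0.3/0.4 come from these notes; the three component scores (rarity of the request type, length deviation saturating at 3 standard deviations, distance between rank-ordered byte frequencies) and the training requests are assumptions made for illustration.

```python
import statistics
from collections import Counter

W_TYPE, W_LEN, W_PD = 0.3, 0.3, 0.4  # weights from the formula above

def ranked_freqs(payload):
    """Relative byte frequencies sorted descending, padded to 256 ranks."""
    counts = sorted(Counter(payload).values(), reverse=True)
    total = len(payload) or 1
    return [c / total for c in counts] + [0.0] * (256 - len(counts))

def build_profile(requests):
    """Learn a per-service profile from (type, payload) training tuples."""
    types = Counter(t for t, _ in requests)
    lengths = [len(p) for _, p in requests]
    vectors = [ranked_freqs(p) for _, p in requests]
    return {
        "type_freq": {t: n / len(requests) for t, n in types.items()},
        "len_mean": statistics.mean(lengths),
        "len_std": statistics.pstdev(lengths) or 1.0,
        "pd": [sum(col) / len(vectors) for col in zip(*vectors)],
    }

def anomaly_score(profile, req_type, payload):
    """Return each component in [0, 1] and the weighted total AS."""
    # Assumed AS_type: the rarer the request type in training, the higher.
    as_type = 1.0 - profile["type_freq"].get(req_type, 0.0)
    # Assumed AS_len: z-score of the length, saturating at 3 std deviations.
    z = abs(len(payload) - profile["len_mean"]) / profile["len_std"]
    as_len = min(1.0, z / 3.0)
    # Assumed AS_pd: total variation distance between ranked byte frequencies.
    as_pd = 0.5 * sum(abs(a - b)
                      for a, b in zip(ranked_freqs(payload), profile["pd"]))
    total = W_TYPE * as_type + W_LEN * as_len + W_PD * as_pd
    return {"type": as_type, "len": as_len, "pd": as_pd, "AS": total}

# Constructed training requests for one service (HTTP), not real traffic.
TRAINING = [
    ("GET", b"/index.html?lang=en"),
    ("GET", b"/images/logo.png"),
    ("GET", b"/search?q=data+mining"),
    ("POST", b"/login user=alice&pw=secret"),
    ("GET", b"/docs/paper.pdf"),
]
PROFILE = build_profile(TRAINING)
NORMAL = anomaly_score(PROFILE, "GET", b"/about.html?lang=de")
ODD = anomaly_score(PROFILE, "PUT", b"/cgi-bin/x?" + b"\x90" * 400)
```

A detector would compare `AS` against a threshold tuned on attack-free traffic; keeping one profile per service is what lets the length and byte-distribution checks stay tight.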

Adversarial attacks

Data privacy and privacy concerns in data mining

References: