text-only page produced automatically by LIFT Text Transcoder Skip all navigation and go to page contentSkip top navigation and go to directorate navigationSkip top navigation and go to page navigation
National Science Foundation Home National Science Foundation - Computer & Information Science & Engineering (CISE)
Computer & Information Science & Engineering (CISE)
design element
About CISE
Funding Opportunities
Advisory Committee
Career Opportunities
Advisory Committee for Cyberinfrastructure
See Additional CISE Resources
View CISE Staff
CISE Organizations
Advanced Cyberinfrastructure (ACI)
Computing and Communication Foundations (CCF)
Computer and Network Systems (CNS)
Information & Intelligent Systems (IIS)
Proposals and Awards
Proposal and Award Policies and Procedures Guide
Proposal Preparation and Submission
bullet Grant Proposal Guide
  bullet Grants.gov Application Guide
Award and Administration
bullet Award and Administration Guide
Award Conditions
Merit Review
NSF Outreach
Policy Office
Additional CISE Resources
Advisory Committee Meetings
Career Opportunities
Funding Rates
Budget Excerpt
Assistant Director's Presentations and Congressional Testimony
CS Bits & Bytes
CISE Distinguished Lecture Series
Cyberlearning Webinar Series
Data Science Webinar Series
Smart & Connected Health Webinar Series
WATCH Series
CISE Strategic Plan for Broadening Participation
Keith Marzullo on Serving in CISE
Cybersecurity Ideas Lab Report
Other Site Features
Special Reports
Research Overviews
Multimedia Gallery
Classroom Resources
NSF-Wide Investments

Email this pagePrint this page

Data Mining Pinpoints Network Intrusions

Vipin Kumar and colleagues at the University of Minnesota are developing data-mining techniques to detect rare events, such as computer break-ins, that are difficult to detect using methods that recognize attacks only through pre-defined patterns.

network cables

Photo of network cables
Credit and Larger Version

April 19, 2004

Just because an event occurs rarely doesn't mean it won't have dramatic impacts. Consider heart attacks, power blackouts, credit card frauds or computer virus infections.

Vipin Kumar and colleagues at the University of Minnesota are developing data-mining techniques to detect rare events, such as computer break-ins, that are difficult to detect using traditional methods that recognize attacks only through pre-defined patterns.

The new techniques have been incorporated in the Minnesota Intrusion Detection System (MINDS) software, which helps cybersecurity analysts detect computer break-ins and other undesirable activity in real-world networks, potentially while the break-in is underway.

"MINDS allows cybersecurity experts to quickly analyze massive amounts of network traffic," Kumar said. "They only need to evaluate the most anomalous connections identified by the system." The data-mining research on rare event analysis is supported by a $300,000 award from the National Science Foundation.

MINDS is currently being used to monitor over 40,000 computers at the University of Minnesota. In addition, it is an integral part of the Army's Interrogator architecture, used at the Army Research Laboratory's Center for Intrusion Monitoring and Protection to analyze network traffic from Defense Department sites around the country. MINDS routinely detects novel intrusions, policy violations and insider abuse that are missed by other widely used tools.

Data mining for rare events becomes critical as new technologies allow more and more data to be collected. The signal indicating that a rare event has happened, or is about to, can be drowned in a rapid flow of data, mostly reporting normal behavior.

Detecting computer intrusions is only the first application for the Minnesota team's new data-mining methods. The underlying techniques could be applied to many areas beyond cybersecurity, such as detecting financial or health-care fraud.

-- David Hart

Vipin Kumar
Jaideep Srivastava

Related Institutions/Organizations
University of Minnesota-Twin Cities


Related Programs
Information and Data Management

Related Awards
#0308264 Data Mining for Rare Class Analysis

Total Grants

Related Agencies
U.S. Army

Related Websites
MINDS - Minnesota Intrusion Detection System: http://www.cs.umn.edu/research/minds/MINDS.htm


Email this pagePrint this page
Back to Top of page