In which of the following areas can data mining technology be applied?

The following are areas in which data mining technology can be applied or further developed for intrusion detection −

Development of data mining algorithms for intrusion detection − Data mining algorithms can be used for misuse detection and anomaly detection. In misuse detection, training data is labeled as either “normal” or “intrusion.” A classifier can then be trained to detect known intrusions.

Research in this area has included the application of classification algorithms, association rule mining, and cost-sensitive modeling. Anomaly detection builds models of normal behavior and automatically detects significant deviations from them. Either supervised or unsupervised learning can be used.

In a supervised technique, the model is built from training data that are labeled as “normal.” In an unsupervised technique, no information is given about the training data. Anomaly detection research has involved the application of classification algorithms, statistical methods, clustering, and outlier analysis. The techniques used must be effective and scalable, and capable of handling network data of large volume, dimensionality, and heterogeneity.

Association and correlation analysis, and aggregation to help choose and construct discriminating attributes − Association and correlation mining can be used to discover relationships between the system attributes that describe the network data. Such information can provide insight into the selection of useful attributes for intrusion detection. New attributes derived from aggregated data can also be helpful, such as summary counts of traffic matching a specific pattern.
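The following Python sketch is an added example, not code from the original page. It combines the two ideas above: it derives an aggregated attribute (a per-source summary count of traffic matching a pattern) and fits a model of normal behavior to it in order to flag significant deviations. The function names, the 10-second window, the 3.5 threshold, and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

WINDOW = 10  # seconds per aggregation window (assumed value)

def distinct_port_counts(records, window=WINDOW):
    """Derived attribute: distinct destination ports contacted with SYN
    packets, per (source address, time window)."""
    ports = defaultdict(set)
    for ts, src, dport, flags in records:
        if flags == "S":  # the traffic pattern being counted
            ports[(src, int(ts // window))].add(dport)
    return {key: len(seen) for key, seen in ports.items()}

def fit_normal(counts):
    """Model of normal behaviour: median and median absolute deviation."""
    values = list(counts.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, max(mad, 1.0)  # floor keeps a flat baseline from dividing by zero

def find_outliers(counts, model, threshold=3.5):
    """Flag windows whose modified z-score is above the threshold (high side only)."""
    med, mad = model
    return sorted(k for k, v in counts.items() if 0.6745 * (v - med) / mad > threshold)

# Constructed training traffic, labelled normal: (timestamp, src, dst_port, tcp_flags)
BASELINE = [(t, f"10.0.0.{h}", port, "S")
            for h in (1, 2, 3) for t in range(0, 60, 10)
            for port in (443, 80, 22)[:h]]

# Constructed traffic to score: one ordinary client, one source sweeping 40 ports
OBSERVED = ([(100, "10.0.0.2", 443, "S"), (101, "10.0.0.2", 80, "S"),
             (102, "10.0.0.2", 443, "A")]
            + [(100 + i * 0.2, "10.0.0.9", 1000 + i, "S") for i in range(40)])

if __name__ == "__main__":
    model = fit_normal(distinct_port_counts(BASELINE))
    for src, win in find_outliers(distinct_port_counts(OBSERVED), model):
        print(f"anomalous window {win} for source {src}")
```

The median and MAD are used instead of the mean and standard deviation so that a few unusual windows in the training data do not inflate the baseline.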

Analysis of stream data − Because of the transient and dynamic nature of intrusions and malicious attacks, it is important to perform intrusion detection in the data stream environment. Furthermore, an event can be normal on its own, but considered malicious when viewed as part of a sequence of events.

Thus it is important to study what sequences of activities are frequently encountered together, discover sequential patterns, and identify outliers. Other data mining techniques for finding evolving clusters and building dynamic classification models in data streams are also important for real-time intrusion detection.

Distributed data mining − Intrusions can be launched from multiple locations and targeted at many different destinations. Distributed data mining techniques can be used to analyze network data from several network locations to detect these distributed attacks.

Visualization and querying tools − Visualization tools must be available for viewing any anomalous patterns detected. Such tools can include features for viewing associations, clusters, and outliers. Intrusion detection systems must also have a graphical user interface that enables security analysts to pose queries regarding the network data or intrusion detection results.