Data mining can be a useful tool in tracking down cyber gangs, but its usefulness in proactively guarding against cyber threats is doubtful.
“Where there is lots and lots of data, which you have to analyze and sift through, then you can use data mining to uncover patterns,” said Bhavani Thuraisingham, director of the Cyber Security Research Center at the University of Texas, Dallas.
New research suggests that data mining can be used to track down large-scale criminal activity on the web.
Researchers from Indiana University at Bloomington and Oak Ridge National Laboratory gathered data from a variety of sources and found several network providers with very high concentrations of malicious activity. Eastern Europe and the Middle East were among the regions where this pattern was most pronounced.
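The kind of aggregation the researchers describe can be shown on a small scale. The following is an added example, not code or data from the Indiana/Oak Ridge study: it takes a constructed list of malicious-activity reports, attributes each to the network provider (identified by an assumed ASN label) announcing the address, and ranks providers both by raw report count and by distinct malicious hosts per thousand announced addresses. The provider sizes are assumed values; the point of normalizing is that a large provider can top the raw count while a small one has the real concentration.

```python
from collections import defaultdict

# Constructed sample reports (not from the study): one record per sighting of a
# malicious host, attributed to an assumed provider label (ASN).
REPORTS = [
    {"ip": "203.0.113.5", "asn": "AS64500", "kind": "phishing"},
    {"ip": "203.0.113.5", "asn": "AS64500", "kind": "c2"},        # same host seen twice
    {"ip": "203.0.113.9", "asn": "AS64500", "kind": "malware"},
    {"ip": "203.0.113.77", "asn": "AS64500", "kind": "c2"},
    {"ip": "198.51.100.1", "asn": "AS64501", "kind": "phishing"},
    {"ip": "198.51.100.2", "asn": "AS64501", "kind": "phishing"},
    {"ip": "198.51.100.3", "asn": "AS64501", "kind": "malware"},
    {"ip": "198.51.100.4", "asn": "AS64501", "kind": "c2"},
    {"ip": "198.51.100.5", "asn": "AS64501", "kind": "malware"},
    {"ip": "198.51.100.6", "asn": "AS64501", "kind": "phishing"},
    {"ip": "192.0.2.10", "asn": "AS64502", "kind": "c2"},
    {"ip": "192.0.2.11", "asn": "AS64502", "kind": "phishing"},
    {"ip": "192.0.2.200", "asn": "AS64503", "kind": "malware"},   # provider of unknown size
]

# Assumed number of addresses each provider announces (constructed values).
ANNOUNCED = {"AS64500": 1024, "AS64501": 65536, "AS64502": 2048}


def provider_stats(reports, announced):
    """Aggregate reports per provider: raw count, distinct hosts, and density."""
    count = defaultdict(int)
    hosts = defaultdict(set)
    for r in reports:
        count[r["asn"]] += 1
        hosts[r["asn"]].add(r["ip"])
    stats = {}
    for asn in count:
        size = announced.get(asn)
        stats[asn] = {
            "asn": asn,
            "reports": count[asn],
            "hosts": len(hosts[asn]),
            "announced": size,
            # Density is undefined when the provider's size is unknown.
            "hosts_per_1k": (len(hosts[asn]) / size * 1000) if size else None,
        }
    return stats


def rank_providers(reports, announced, key="hosts_per_1k"):
    """Rank providers by the chosen metric; unknown (None) values sort last."""
    stats = provider_stats(reports, announced).values()
    return sorted(stats, key=lambda s: (s[key] is not None, s[key] or 0), reverse=True)


if __name__ == "__main__":
    print("By raw report count:")
    for s in rank_providers(REPORTS, ANNOUNCED, "reports"):
        print(f"  {s['asn']}: {s['reports']} reports, {s['hosts']} hosts")
    print("By distinct hosts per 1k announced addresses:")
    for s in rank_providers(REPORTS, ANNOUNCED):
        d = "n/a" if s["hosts_per_1k"] is None else f"{s['hosts_per_1k']:.2f}"
        print(f"  {s['asn']}: {d}")
```

Ranked by raw count the largest provider, AS64501, comes first; ranked by density the small AS64500 stands out, which is the kind of "concentration" a hunt would follow up on. A provider whose size is unknown is ranked last rather than silently given a density of zero.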
Data mining to identify malicious activity can “unearth networks harboring cyber criminals”, and it might be an easy and efficient way to hunt down cyber crooks. However, there is a problem with data mining: it is not one hundred percent accurate.
Because data mining can give “false positives” and “false negatives”, it has to be used with caution, according to Thuraisingham.
However, Thuraisingham feels data mining can play an effective role in malware detection.
“We can apply it to lots of applications in cyber security like auditing, accountability, intrusion detection,” she added.
Mike Lee, an analyst with Websense, an Internet security firm, feels data mining is more of a “post-threat tactic” than something that can prevent an attack in real time.
“So let's say you have fallen victim to an attack and you are trying to figure out what happened. That’s where logging of everything that happens on your network and then after the fact mining that data can play a very important role to understand what was the source of the attack, what data was affected, where did the data go,” said Lee.
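The after-the-fact mining Lee describes amounts to pivoting through logs from a known victim host to answer those three questions. The following is an added example, not Websense's code: it parses a handful of constructed log lines in an assumed key=value format from three assumed sources (a firewall, a file-audit log and a web proxy), anchors on the first inbound connection to the victim, and from that point forward collects the files the host touched and the outbound uploads it made. It assumes the victim host is already known and that all sources share a synchronized clock; without that, the time window would be unreliable.

```python
from datetime import datetime

# Constructed log lines (not real data). Format assumed here:
#   <ISO timestamp> <source> key=value key=value ...
LOG_LINES = r"""
2024-03-01T08:30:02Z fileaudit host=10.0.0.5 user=alice op=read path=\\fs01\finance\budget.xlsx
2024-03-01T09:00:12Z fw action=allow dir=in src=198.51.100.23 dst=10.0.0.5 dport=445
2024-03-01T09:01:30Z auth host=10.0.0.5 user=svc_backup result=success src=198.51.100.23
2024-03-01T09:02:11Z fileaudit host=10.0.0.7 user=bob op=read path=\\fs01\eng\design.pdf
2024-03-01T09:03:40Z fileaudit host=10.0.0.5 user=svc_backup op=read path=\\fs01\finance\payroll.xlsx
2024-03-01T09:04:02Z fileaudit host=10.0.0.5 user=svc_backup op=read path=\\fs01\hr\salaries.csv
2024-03-01T09:05:50Z proxy host=10.0.0.5 dst=cdn.example.net:443 method=GET bytes=2048
2024-03-01T09:10:05Z proxy host=10.0.0.5 dst=203.0.113.9:443 method=PUT bytes=12582912
""".strip().splitlines()


def parse_line(line):
    """Turn one log line into a dict with a parsed timestamp and its key=value fields."""
    ts, source, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def reconstruct(lines, victim):
    """Answer: where did the attacker come in, what did they touch, where did data go?"""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])

    # Source of the attack: first allowed inbound connection to the victim host.
    inbound = [e for e in events
               if e["source"] == "fw" and e.get("dir") == "in" and e.get("dst") == victim]
    if not inbound:
        return None
    entry = inbound[0]
    start = entry["ts"]

    # Account used on the victim from that same source, once inside.
    account = next((e["user"] for e in events
                    if e["source"] == "auth" and e.get("host") == victim
                    and e.get("src") == entry["src"] and e["ts"] >= start), None)

    # Data affected: files the victim host accessed after the entry point.
    files = [e["path"] for e in events
             if e["source"] == "fileaudit" and e.get("host") == victim and e["ts"] >= start]

    # Where the data went: uploads (PUT/POST) from the victim after the entry point.
    exfil = [(e["dst"], int(e["bytes"])) for e in events
             if e["source"] == "proxy" and e.get("host") == victim
             and e["ts"] >= start and e.get("method") in {"PUT", "POST"}]

    return {
        "entry_source": entry["src"],
        "entry_time": start,
        "entry_account": account,
        "files_touched": files,
        "exfil": exfil,
        "bytes_out": sum(b for _, b in exfil),
    }


if __name__ == "__main__":
    for k, v in reconstruct(LOG_LINES, "10.0.0.5").items():
        print(f"{k}: {v}")
```

Activity before the entry point (the 08:30 read) and activity on other hosts is left out of the picture, and ordinary downloads are not counted as exfiltration; a real investigation would widen the window and the sources once the initial timeline is established.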
Another issue with data mining in cyber space is potential loss of confidentiality, akin to a loss of privacy as a result of data mining in the real world.
“For data mining we have to gather a lot of information about all the processes in a machine to determine whether they are malicious or not. By monitoring all of these processes sometimes some good benign processes that are doing some highly confidential work will also be monitored and information about it gathered, which we shouldn’t be doing,” said Thuraisingham.
However she argues that data mining can play an increasingly important role in ensuring cyber security, as new capabilities are built into the existing data mining techniques.
Since antivirus and anti-malware products use known patterns, or signatures, to identify a virus or other malware as a threat, a new threat with an unknown pattern may go undetected. With newer data mining techniques the behavior of a threat can be analyzed, rather than just its byte pattern, in order to identify it as malicious.
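To make the signature-versus-behavior distinction concrete, here is an added example (not code from any product or from the researchers quoted above). It uses constructed byte blobs standing in for executables and constructed action traces standing in for what a monitor would record about a running process. A byte signature catches the known sample but misses a repacked variant whose marker is XOR-obfuscated; a small set of behavior rules catches both. The same rules also flag an assumed benign backup agent, which illustrates the false-positive caveat raised earlier on the page.

```python
# --- Signature-based detection: a byte pattern taken from one known sample ---
# Constructed blobs; not real malware.
EVIL_MARKER = b"EVILPAYLOAD"
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + EVIL_MARKER + b"\x00" * 8
# Repacked variant: identical behavior, but the marker is XOR-obfuscated with
# 0x37 on disk, so the byte signature no longer appears in the file.
VARIANT_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8
                  + bytes(b ^ 0x37 for b in EVIL_MARKER) + b"\x00" * 8)

SIGNATURES = {"Example.Locker": EVIL_MARKER}  # assumed family name


def signature_match(blob):
    """Return the signature name if any known byte pattern appears in the blob."""
    for name, pattern in SIGNATURES.items():
        if pattern in blob:
            return name
    return None


# --- Behavior-based detection: rules over an observed (action, target) trace ---
# Constructed traces; paths and hosts are assumed values.
TRACES = {
    "known_sample": [
        ("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchelper"),
        ("net_connect", "198.51.100.7:4444"),
        ("proc_exec", "vssadmin.exe delete shadows /all /quiet"),
    ] + [("file_write", rf"C:\Users\alice\Documents\report{i}.docx.locked") for i in range(6)],
    "backup_agent": [
        ("net_connect", "backup.example.net:8443"),
    ] + [("file_write", rf"C:\Users\alice\Documents\report{i}.docx.bak") for i in range(6)],
    "text_editor": [
        ("file_write", r"C:\Users\alice\Documents\notes.txt"),
        ("net_connect", "updates.example.net:443"),
    ],
}
TRACES["variant"] = TRACES["known_sample"]  # same behavior as the known sample

COMMON_PORTS = {"80", "443"}


def behavior_findings(trace):
    """Apply simple behavioral rules; each rule contributes one named finding."""
    findings = []
    if any(a == "reg_write" and "\\run\\" in t.lower() for a, t in trace):
        findings.append("autorun persistence")
    if any(a == "proc_exec" and "vssadmin" in t.lower() and "delete" in t.lower()
           for a, t in trace):
        findings.append("shadow copy deletion")
    if any(a == "net_connect" and t.rsplit(":", 1)[-1] not in COMMON_PORTS
           for a, t in trace):
        findings.append("outbound connection on uncommon port")
    user_writes = {t for a, t in trace if a == "file_write" and "\\users\\" in t.lower()}
    if len(user_writes) >= 5:
        findings.append("mass modification of user files")
    return findings


def behavior_verdict(trace, threshold=2):
    """Flag as malicious when at least `threshold` independent findings co-occur."""
    findings = behavior_findings(trace)
    return {"malicious": len(findings) >= threshold, "findings": findings}


if __name__ == "__main__":
    print("signature, known sample:", signature_match(KNOWN_SAMPLE))
    print("signature, variant:     ", signature_match(VARIANT_SAMPLE))
    for name, trace in TRACES.items():
        print(f"behavior, {name}:", behavior_verdict(trace))
```

The backup agent trips two rules (many user-file writes plus an outbound connection on port 8443) and is flagged just like the locker, which is the false positive Thuraisingham warns about; raising the threshold would clear it but would also weaken detection of a variant that drops one of its behaviors.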