Data Mining Usage in Cybersec

Data Mining Usage in forensics will help automate and streamline detection while connecting suspects of crimes in a set database. Once the crimes are inputted using strict guidelines, crimes can be linked that are usually correlated between others. Having a central database in which a system of reports to with proper time to collect data can help link criminals to acts that can possibly link the suspect. Data mining of all the information set that is already in place can speed up the idea of data mining. Cutting edge Intrusion detection systems are using zero endpoint AI is a form of data mining. AI is the future since “61% of enterprises say they cannot detect breach attempts today without the use of AI technologies” (Louis Columbus, “Why AI Is The Future Of Cybersecurity”). Which reveals the need in data mining to predict, prevent and mitigate potential attacks. After any attacks or infiltration an investigation must be followed up with a tedious process of identify data to build a case against the suspect. The idea of creating a data mining query to identify points of interest and compromise of a system.

Data mining is a powerful tool that is an interdisciplinary exercise. It involves many different experts in “Statistics, database technology, machine learning, pattern recognition, artificial intelligence, and visualization, all play a role.” ( Hand, D., Mannila, H., Smyth, P., (2001). Principles of Data Mining). When working together plain data in any form can be used in the cybersecurity field. That data set of measurement of the environment will be used for an example a formula would be “a collection of objects, and for each object we have a set of the same p measurements” (Hand, D., Mannila, H., Smyth, P., (2001). Principles of Data Mining) Items will give weights and categories in which it would help determine the best output or answer. Another equation used in data mining is the Regression Analysis would be “a tool with which many readers will be familiar. In its simplest form, it involves building a predictive model to relate a predictor variable, X, to a response variable, Y, through a relationship of the form Y = aX + b. For example, we might build a model which would allow us to predict a person’s annual credit-card spending given their annual income” (Hand, D., Mannila, H., Smyth, P., (2001). Principles of Data Mining). When thinking of data mining think of it as a collection of data but using multiple studies to process a weighted educated guess.

Using the idea of creating data set that can be used for the Cybersecurity is AI. Most Antivirus are already Zero-Day intrusion detection system is when an attacker would attempt to infiltrate a company. AI would use data sets to determine future possible threats and help inform the organization to immediately mitigate the incoming unknown threat. Another form of “Detection models are constructed automatically using cost-sensitive machine learning algorithms using given cost metrics. In cost-sensitive IDS, normal and intrusion activities are analyzed, and this information is used in building effective misuse and anomaly detection models. Based on this the system finds the clusters of attack signatures and normal profiles and constructs dynamically configurable group of models (Stolfo et al., 2001).” Organizations who chose not to incorporate the functionality of AI backed anti-malware can leave them vulnerable to attackers.

When using data mining for the propose of Cyber forensics, the goal is to build a case against a suspect. The case would have many variables that can reinforce innocence or guilt, that is where data mining can help. Not only can it can help with cyber forensics but can it can link the suspect to other crimes. One of the examples is using “The SOM technique was used to analyze sexual assaults and rape offences held in a ViCLASS relational database within the National Crime Faculty at Bramsmill” (Adderley et al., 2001). This helped them in determining which of the crimes the same offender(s) committed. “The analysts established that crimes in individual clusters exhibited strong similarities, with adjacent clusters that are based on a variable theme having similar traits”. If there is a centralized database in which all information is collected and pooled in a uniformed manner. Systematic organized crime can be potentially identified through the same system. Another example was testing COPLink connect and Detect which “handles data preprocessing and data gathering burdens and the later deals with extracting patterns out of large volumes of crime data by using data mining and artificial intelligence” ( Chen, H, Crime Data Mining: An Overview and Case Studies). Using that software, the data would be weighed by the following technique “Spatio-temporal crime variables (e.g. crime location coordinates or the time of occurrence) 2) Crime natural specifications (e.g. crime scene characteristics, offender’s behavioral pattern) 3) Offender profiles (e.g. offender specifications (age, sex, race, etc.)) It is notable that every crime type includes its own specific crime variables. As an example, the crime variables for homicide will not be the same as the crime variables for larceny” (Chen, H, Crime Data Mining: An Overview and Case Studies). If data mining can connect crimes it easily pinpoints important information in logs, emails and registries for forensics.

The idea of data mining being used in for prevention, connection and forensics is a reality today since most Antiviruses can not compete with companies that use the technology. Catching zero-day threat and preventing all forms of future potential attacks. The tedious idea of searching and connecting data that can possible prosecute a suspect. If the central data base such as Cop link detect, and link are used as a standard in the department of justice to create the infrastructure. Once implemented criminals will no longer to fall get away for crimes that are possibly connected to the suspect. This can drastically reduce organized crime and reduce the amount of time to prosecute. Even if data is facts human error and mathematical anomaly must still be double checked for accuracy since if data is used to connect crimes.

Reference

1 . Hand, D., Mannila, H., Smyth, P., (2001). Principles of Data Mining. Cambridge, MA: MIT Press
2. Chen, H., Chung, W., Qin, Y., Chau, M., Xu, J. J., Wang, G., Zheng, R., Atabakhsh, H. (2003). Crime Data Mining: An Overview and Case Studies. ACM International Conference Proceeding Series; Vol. 130, 1–5.
3. Stolfo, S. J., Lee, W., Chan, P. K., Fan, W., Eskin. E. (2001). Data Mining-based Intrusion Detectors: An Overview of the Columbia IDS Project. ACM SIGMOD Record; Vol. 30, 5–14. 4. Brown, B., Pham, B., Vel, O. (2005). Design ofa Digital Forensics Image Mining System. IIHMSP05, Melbourne
5. Vel, O., Anderson, A., Coney, M., Mohay. G. (2001). Mining E-mail Content for Author Identification Forensics. ACM SIGMOD Record; Vol. 30, №4.
6. Stolfo, S. J., Hershkop, S. (2005). Email mining toolkit supporting law enforcement forensic analyses. ACM International Conference Proceeding Series; Vol. 89, 221–222.
7. Adderley, R., Musgrove, P. B. (2001). Data mining case study: Modeling the behavior of offenders who commit serious sexual assaults. Proceedings of the seventh ACM SIGKDD international conference on Knowledge discovery and data mining; 215- 220.

8.https://www.forbes.com/sites/louiscolumbus/2019/07/14/why-ai-is-the-future-of-cybersecurity/#498a743e117e

Related posts:

RMS Titanic was a British passenger liner that sank in the North Atlantic Ocean, after it collided with an iceberg during her maiden voyage from Southampton to New York City. It was, one of the…

Wir haben uns sehr gefreut über eine tolle Diskussionsrunde, an unserer digitalen Future Food Convention, moderiert von Filmemacher und Journalist Valentin Thurn. Unsere Gäste waren: Dr. Ophelia Nick…

The average American worker made around $50,000 per year as of 2021 with around 3% growth from one year to the next. As an average American worker, you may be wondering how to build $1 million of…