Actionable knowledge discovery for threats intelligence support using a multi-dimensional data mining methodology

Olivier Thonnard, Marc Dacier

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

This paper describes a multi-dimensional knowledge discovery and data mining (KDD) methodology that aims at discovering actionable knowledge related to Internet threats, taking into account domain expert guidance and the integration of domain-specific intelligence during the data mining process. The objectives are twofold: i) to develop global indicators for assessing the prevalence of certain malicious activities on the Internet, and ii) to get insights into the modus operandi of new emerging attack phenomena, so as to improve our understanding of threats. In this paper, we first present the generic aspects of a domain-driven graph-based KDD methodology, which is based on two main components: a clique-based clustering technique and a concepts synthesis process using cliques' intersections. Then, to evaluate the applicability of this approach to our application domain, we use a large dataset of real-world attack traces collected since 2003. Our experimental results show that significant insights can be obtained into the domain of threat intelligence by using this multi-dimensional knowledge discovery method.

Original languageEnglish
Title of host publicationProceedings - IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008
Pages154-163
Number of pages10
DOIs
Publication statusPublished - 1 Dec 2008
EventIEEE International Conference on Data Mining Workshops, ICDM Workshops 2008 - Pisa, Italy
Duration: 15 Dec 200819 Dec 2008

Publication series

NameProceedings - IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008

Other

OtherIEEE International Conference on Data Mining Workshops, ICDM Workshops 2008
CountryItaly
CityPisa
Period15/12/0819/12/08

    Fingerprint

Keywords

  • Domain-driven data mining
  • Internet threat intelligence
  • Knowledge discovery

ASJC Scopus subject areas

  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

Thonnard, O., & Dacier, M. (2008). Actionable knowledge discovery for threats intelligence support using a multi-dimensional data mining methodology. In Proceedings - IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008 (pp. 154-163). [4733933] (Proceedings - IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008). https://doi.org/10.1109/ICDMW.2008.78