Actionable knowledge discovery for threats intelligence support using a multi-dimensional data mining methodology

Olivier Thonnard, Marc Dacier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

This paper describes a multi-dimensional knowledge discovery and data mining (KDD) methodology that aims at discovering actionable knowledge related to Internet threats, taking into account domain expert guidance and the integration of domain-specific intelligence during the data mining process. The objectives are twofold: i) to develop global indicators for assessing the prevalence of certain malicious activities on the Internet, and ii) to get insights into the modus operandi of new emerging attack phenomena, so as to improve our understanding of threats. In this paper, we first present the generic aspects of a domain-driven graph-based KDD methodology, which is based on two main components: a clique-based clustering technique and a concepts synthesis process using cliques' intersections. Then, to evaluate the applicability of this approach to our application domain, we use a large dataset of real-world attack traces collected since 2003. Our experimental results show that significant insights can be obtained into the domain of threat intelligence by using this multi-dimensional knowledge discovery method.

Original language: English
Title of host publication: Proceedings - IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008
Pages: 154-163
Number of pages: 10
DOIs: 10.1109/ICDMW.2008.78
Publication status: Published - 2008
Externally published: Yes
Event: IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008 - Pisa, Italy
Duration: 15 Dec 2008 - 19 Dec 2008

Event details

Other: IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008
Country: Italy
City: Pisa
Period: 15/12/08 - 19/12/08

Keywords

  • Domain-driven data mining
  • Internet threat intelligence
  • Knowledge discovery

ASJC Scopus subject areas

  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

Thonnard, O., & Dacier, M. (2008). Actionable knowledge discovery for threats intelligence support using a multi-dimensional data mining methodology. In Proceedings - IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008 (pp. 154-163). [4733933] https://doi.org/10.1109/ICDMW.2008.78

@inproceedings{3242fff73e69471386ffb84e890bb175,
title = "Actionable knowledge discovery for threats intelligence support using a multi-dimensional data mining methodology",
abstract = "This paper describes a multi-dimensional knowledge discovery and data mining (KDD) methodology that aims at discovering actionable knowledge related to Internet threats, taking into account domain expert guidance and the integration of domain-specific intelligence during the data mining process. The objectives are twofold: i) to develop global indicators for assessing the prevalence of certain malicious activities on the Internet, and ii) to get insights into the modus operandi of new emerging attack phenomena, so as to improve our understanding of threats. In this paper, we first present the generic aspects of a domain-driven graph-based KDD methodology, which is based on two main components: a clique-based clustering technique and a concepts synthesis process using cliques' intersections. Then, to evaluate the applicability of this approach to our application domain, we use a large dataset of real-world attack traces collected since 2003. Our experimental results show that significant insights can be obtained into the domain of threat intelligence by using this multi-dimensional knowledge discovery method.",
keywords = "Domain-driven data mining, Internet threat intelligence, Knowledge discovery",
author = "Olivier Thonnard and Marc Dacier",
year = "2008",
doi = "10.1109/ICDMW.2008.78",
language = "English",
isbn = "9780769535036",
pages = "154--163",
booktitle = "Proceedings - IEEE International Conference on Data Mining Workshops, ICDM Workshops 2008",
}

Scopus record: http://www.scopus.com/inward/record.url?scp=62449094088&partnerID=8YFLogxK