Athens Cyber Security Conference, Dr. Thuraisingham's “Data Mining for Security”.
On September 12th, during the first day of the EISIC 2011 conference (“European Intelligence & Security Informatics Conference, on Counterterrorism and Criminology”), the first keynote speech was given by the cyber security expert Dr. Bhavani Thuraisingham (BT) (*). The title of her presentation was “Data Mining for Malicious Code Detection and Security Applications”. Among the highlights of her academic talk, BT defined data mining as “the process of posing queries and extracting patterns different from data using techniques”. About its use, she said the technology can be used in national security as well as against cybercrime and in security, for example to prevent the destruction of buildings and critical infrastructure (power, telecom). Dr. Thuraisingham said that data mining can also find out who the bad guys are, those capable of carrying out such terrorist activities.
Defining cyber security, BT said it is a technology to protect computer and network systems against corruption by the latest generation of malware such as Trojan horses, worms and viruses, including the ultra-dangerous malware called RAMAL (Radioactive Adaptive Malware), as well as intrusion detection and auditing.
During the first part of the presentation, BT described her research (together with Prof. Latifur Khan and students of the University of Texas) and said that some techniques, such as Link Analysis, can be used to trace viruses to the perpetrators. Another technique, called Classification, can prevent future attacks based on what data mining has learned about the terrorists through emails and phone conversations. The technology can also distinguish real threats from non-threats, reducing false positives and false negatives.
Going into more detail, BT said that researched techniques such as the CFB Program can extract the code blocker malware from data and perform a control flow analysis. She also compared her system with another already on the market, the code blocker SigFree, and assured that her system performs better. Her system can detect malware that is evolving continuously, even every millisecond, like RAMAL (Radioactive Adaptive Malware). Currently, all latest-generation malware evolves continuously and is difficult for regular firewalls to stop. Dr. Bhavani Thuraisingham defined her anti-RAMAL malware technology as NCD (Novel Class Detection), and the tool is the system based on NCD, called SNOD (or SNODMAL).
Currently, the most advanced malware goes undetected because of continuous changes in behaviour, every millisecond, and regular anti-malware software cannot keep up with that speed.
BT assured that her SNOD has the ability to detect new classes of malware and its changes. She used SNODMAL, a malware detector using SNOD.
She classified malware into two categories: Benign and Novel.
The usefulness of SNODMAL will extend to detecting multiple novel malware classes and quarantining them.
Summarizing, BT also revealed that they are working to find the best way to detect where this malware attack comes from, and to be able to attribute the attack with 100% certainty (to avoid false accusations). Several countries have been attacked by these novel malware.
Regarding privacy, BT affirmed that the results extracted by data mining should be private; this is a legal matter, not only an ethical one.
Once her speech was finished and the round of questions ended, Dr. Bhavani Thuraisingham met Victor Bjoergan, CEO of the U.S.-based Global Security Services LLC and also publisher of TheAmericasPost.com and EuropeSecurityNews (the latter under construction). Both discussed the importance of developing these technologies and their role against cybercrime and in strengthening global security against terrorism.