7 research outputs found

    Forensic Data Mining: Finding Intrusion Patterns in Evidentiary Data

    The extensive growth of computing networks and tools and tricks for intruding into and attacking networks has underscored the importance of intrusion detection in network security. Yet, contemporary intrusion detection systems (IDS) are limiting in that they typically employ a misuse detection strategy, with searches for patterns of program or user behavior that match known intrusion scenarios, or signatures. Accordingly, there is a need for more robust and adaptive methods for designing and updating intrusion detection systems. One promising approach is the use of data mining methods for discovering intrusion patterns. Discovered patterns and profiles can be translated into classifiers for detecting deviations from normal usage patterns. Among promising mining methods are association rules, link analysis, and rule-induction algorithms. Our particular contribution is a unique approach to combining association rules with link analysis and a rule-induction algorithm to augment intrusion detection systems.

    AMCIS 2010 Panel Report: External Benchmarks in Information Systems Program Assessment

    Accrediting bodies and other external constituencies are placing increased emphasis on the assessment of academic degree programs for continuous improvement. Most assessment plans are focused on determining how well program outcomes or goals are being met. However, benchmarking a degree program across institutions is rarely considered. This article provides general principles for assessing information systems programs and presents quantitative and qualitative methodologies and tools for benchmarking student learning in Information Systems programs.

    An fMRI Exploration of Information Processing in Electronic Networks of Practice

    Online forums sponsored by electronic networks of practice have become an important source of information for individuals seeking solutions to problems online. However, not all information available in a forum is helpful or accurate, requiring knowledge seekers to evaluate and filter the solutions they encounter. Most forums offer contextual cues to help knowledge seekers make evaluation decisions, yet little is understood about the cognitive processes and neural mechanisms that underlie how information on these forums is filtered and evaluated. This paper draws on literature in cognitive neuroscience and NeuroIS to develop exploratory research questions about the role of both content and contextual cues in forum filtering tasks, the comparative and interactive effects of different types of contextual cues, and the neural functions associated with filtering processes. These questions are explored using an fMRI experimental study that captured forum information filtering behaviors and measured the neural correlates involved in evaluating both solution content and contextual cues. Results show that both content and contextual cues influence final filtering decisions, with community-based cues factoring more heavily than expert-based cues. Moreover, we observe distinct neural activation patterns when forum knowledge seekers encounter certain cue combinations. Based on our observations, we derive a theoretical model comprising testable research propositions about both behavioral and neural facets of forum information filtering

    Forensic data mining: Finding intrusion patterns in evidentiary data

    The extensive growth of computing networks and tools and tricks for intruding into and attacking networks has underscored the importance of intrusion detection in network security. Yet, contemporary intrusion detection systems (IDS) are limiting in that they typically employ a misuse detection strategy, with searches for patterns of program or user behavior that match known intrusion scenarios, or signatures. Accordingly, there is a need for more robust and adaptive methods for designing and updating intrusion detection systems. One promising approach is the use of data mining methods for discovering intrusion patterns. Discovered patterns and profiles can be translated into classifiers for detecting deviations from normal usage patterns. Among promising mining methods are association rules, link analysis, and rule-induction algorithms. Our particular contribution is a unique approach to combining association rules with link analysis and a rule-induction algorithm to augment intrusion detection systems.

    Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection

    Because malicious intrusions into critical information infrastructures are essential to the success of cyberterrorists, effective intrusion detection is also essential for defending such infrastructures. Cyberterrorism thrives on the development of new technologies; and, in response, intrusion detection methods must be robust and adaptive, as well as efficient. We hypothesize that genetic programming algorithms can aid in this endeavor. To investigate this proposition, we conducted an experiment using a very large dataset from the 1999 Knowledge Discovery in Database (KDD) Cup data, supplied by the Defense Advanced Research Projects Agency (DARPA) and MIT's Lincoln Laboratories. Using machine-coded linear genomes and a homologous crossover operator in genetic programming, promising results were achieved in detecting malicious intrusions. The resulting programs execute in real time, and high levels of accuracy were realized in identifying both positive and negative instances. © 2006 Elsevier B.V. All rights reserved.