Department of Systems Engineering and Engineering Management,

                    The Chinese University of Hong Kong


Information-statistical Data Mining for Security Control

Prof. Bon. K. SY
Computer Science Department
Queens College, City University of New York

Date : January 20, 2006 (Friday)

Time : 4:30 p.m. - 5:30 p.m.

Venue : Room 513, William M.W. Mong Engineering Building

(Engineering Building Complex Phase 2), CUHK

This presentation will discuss our research on data mining for intrusion
detection and forensic analysis. In this talk I will discuss one of our
research projects on behavior-based intrusion detection; specifically,
masquerade intrusion in the application layer.

Our approach is based on the derivation of statistically significant event
patterns that characterize user/system access behavior, and on a discovery
process for generating a reference ground model. A unique characteristic of
the reference ground model is that it preserves the statistical
characteristics of the event patterns, thus providing a basis for reasoning
about the existence of a security intrusion by comparing the statistical
characteristics of the access sequence that appears in the log file with the
statistical characteristics revealed by the reference ground model. Based on
the lessons learned from our experimental study, I will discuss some of the
open issues in evaluating the performance of intrusion detection, as well as
the possible linkage between intrusion detection and forensic analysis from an
information-theoretic perspective.
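The detection idea sketched in the abstract (event patterns mined from a user's access log, a reference model that keeps their statistical characteristics, and a new access sequence judged by how far its statistics depart from that model) can be illustrated on a toy command log. The following is an added example and is not Prof. Sy's method or code; the training sessions, the bigram patterns, the additive smoothing and the mean-plus-three-standard-deviations threshold are all constructed assumptions.

```python
"""Toy behaviour-based masquerade detector (added example, not the speaker's
method): command bigrams are the event patterns, a smoothed bigram frequency
model is the "reference ground model", and a new session is scored by how
surprising its patterns are under that model."""
from collections import Counter
from math import log
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Bigram = Tuple[str, str]

# Constructed training log: command sequences issued by the legitimate user.
TRAINING_SESSIONS: List[List[str]] = [
    ["ls", "cd", "ls", "vim", "make", "ls"],
    ["cd", "ls", "vim", "make", "git", "ls"],
    ["ls", "vim", "make", "make", "git"],
    ["cd", "ls", "ls", "vim", "git", "ls"],
]


def bigrams(session: List[str]) -> List[Bigram]:
    """Event patterns: consecutive command pairs within one session."""
    return list(zip(session, session[1:]))


class ReferenceModel:
    """Smoothed bigram frequency model of one user's command behaviour."""

    def __init__(self, sessions: List[List[str]], alpha: float = 0.5) -> None:
        self.counts: Counter = Counter(b for s in sessions for b in bigrams(s))
        self.total = sum(self.counts.values())
        vocab = {c for s in sessions for c in s}
        # Additive smoothing over the |V|^2 bigram space: an unseen pattern
        # (including one built from unseen commands) gets a small floor
        # probability instead of zero, so it raises the score without
        # making it infinite.
        self.alpha = alpha
        self.denominator = self.total + alpha * len(vocab) ** 2
        # The training sessions' own scores define the "normal" band;
        # three population standard deviations above their mean is an
        # assumed threshold, not a statistically derived one.
        scores = [self.score(s) for s in sessions]
        self.threshold = mean(scores) + 3 * pstdev(scores)

    def probability(self, b: Bigram) -> float:
        return (self.counts[b] + self.alpha) / self.denominator

    def score(self, session: List[str]) -> float:
        """Average surprisal (in nats) of a session's bigrams under the model;
        higher means the session looks less like the reference behaviour."""
        bs = bigrams(session)
        if not bs:
            raise ValueError("a session needs at least two events to score")
        return mean(-log(self.probability(b)) for b in bs)

    def significant_patterns(self, min_count: int = 2) -> Dict[Bigram, float]:
        """Bigrams seen at least min_count times and more often than expected
        if the first and second command were independent; the value is the
        lift (observed / expected)."""
        first = Counter(a for a, _ in self.counts.elements())
        second = Counter(b for _, b in self.counts.elements())
        result: Dict[Bigram, float] = {}
        for (a, b), n in self.counts.items():
            expected = first[a] * second[b] / self.total
            if n >= min_count and n > expected:
                result[(a, b)] = n / expected
        return result

    def is_masquerade(self, session: List[str]) -> bool:
        """Alert when the session's statistics fall outside the normal band."""
        return self.score(session) > self.threshold


if __name__ == "__main__":
    model = ReferenceModel(TRAINING_SESSIONS)
    for (a, b), lift in sorted(model.significant_patterns().items()):
        print(f"pattern {a} -> {b}: lift {lift:.2f}")
    for s in (["cd", "ls", "vim", "make", "git", "ls"],
              ["sudo", "cat", "scp", "cat", "sudo"]):
        verdict = "ALERT" if model.is_masquerade(s) else "ok"
        print(f"{s}: score={model.score(s):.2f} threshold={model.threshold:.2f} {verdict}")
```

With only nineteen training bigrams the band is narrow and a single odd command pair can push a legitimate session over the line; a real deployment would need far more reference data and a principled choice of threshold (for example from the false-alarm rate on held-out sessions), which is exactly the evaluation question the abstract leaves open.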

If time permits, I will briefly mention our current research on an
information-statistical framework for establishing a linkage between intrusion
detection and forensic analysis. I will also discuss our current effort on the
design and development of an intrusion detection system built upon SNORT, a
widely used open source tool for lightweight intrusion detection in the network
layer. Our effort on the system design is to create an environment that is
scalable and distributed. By distributed we mean multiple (intrusion detection)
sensors deployed over, and collecting data from, multiple sites. The goal is to
create an integrated environment in which the sensor(s) on each site can
leverage the information made available by the others to realize a truly
distributed intrusion detection engine. Our effort on the system development is
not just to install SNORT, but to integrate and implement our research in a
SNORT-based environment that provides additional features such as generating
forensic explanations from intrusion alarms, and multi-modal automatic alerts
using email and VXML.

Bon Sy was born and grew up in Hong Kong. From 1980 to 1984, he went to Hong
Kong Polytechnic University for his undergraduate study. He completed his
Master's (1986) and Ph.D. (1988) at Northeastern University in Boston,
Massachusetts. He has been with Queens College of the City University of New
York (CUNY) since 1988. From September 1997 to August 1998, he was on
sabbatical leave from Queens College to join the PAMI (Pattern Analysis and
Machine Intelligence) Group as a visiting Associate Professor at the
University of Waterloo, Canada. He became a tenured full Professor of both
Queens College and the University Graduate Center of CUNY in 2001. He recently
became a CISSP, as certified by the International Information Systems
Security Certification Consortium.

Bon has published extensively on funded research projects and holds a
patent on his data mining technique for model discovery. Some of Bon's
recently completed projects include a book on data mining published by Kluwer
Publishing (now Springer), and a scientific data warehouse hosting worldwide
climate data provided by N.O.A.A. and U.S. water quality data provided by
U.S.G.S. These real-world data sets are used widely by researchers in
environmental science from countries worldwide. He has developed a web portal
for managing wireless hotspot location and security, VoIP/PSTN integration
based on open source, and wireless coverage with 802.1X security for a park
near Queens College.

In addition to his research, he is the mentor of over twenty students
pursuing undergraduate and graduate research. One of his student groups won
first place in the U.S. region of a worldwide student project contest
organized by Oracle Inc. in 2000. He is also an invited expert who has
testified before the Technology Committee of the New York City Council, the
academic chair and invited speaker of the VoIP security expo, as well as the
chair of the conference workshop in data mining for security.



Note : Cookies and drinks will be available at 4:15 pm.



                       ***** ALL ARE WELCOME *****

Host : Prof. K.F. Wong
Tel : 2609 8332
Email : kfwong@se.cuhk.edu.hk

For more information please

refer to http://www.se.cuhk.edu.hk/~seg5810/