DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click HERE
to register or log in.
MINDS: Architecture & Design
MINNESOTA UNIV MINNEAPOLIS DEPT OF COMPUTER SCIENCE
Pagination or Media Count:
This chapter provides an overview of the Minnesota Intrusion Detection System MINDS, which uses a suite of data mining based algorithms to address diff erent aspects of cyber security. The various components of MINDS such as the scan detector, anomaly detector and the profiling module detect different types of attacks and intrusions on a computer network. The scan detector aims at detecting scans which are the percusors to any network attack. The anomaly detection algorithm is very effective in detecting behavioral anomalies in the network traffic, which typically translate to malicious activities such as denial-of-service DoS traffic, worms, policy violations and inside abuse. The profiling module helps a network analyst to understand the characteristics of the network traffic and detect any deviations from the normal profile. Our analysis shows that the intrusions detected by MINDS are complementary to those of traditional signature based systems, such as SNORT, which implies that they both can be combined to increase overall attack coverage. MINDS has shown great operational success in detecting network intrusions in two live deployments at the University of Minnesota and as a part of the Interrogator architecture at the US Army Research Labs Center for Intrusion Monitoring and Protection ARL-CIMP.
APPROVED FOR PUBLIC RELEASE