EC4747 Data Mining in Cyber Applications

Data mining concepts, theories and methods are examined and applied to the cyber domain. Specific applications considered include network and computer intrusion detection, malware detection, fraud detection and identity theft. Classification approaches, including heuristic, Bayesian, neural network and support vector machine approaches, are examined. Association analysis using both attribute-based and graph-based approaches is studied. Cluster analysis, using both hierarchical and partitional approaches, is examined. The application of these concepts, theories and methods culminates in an in-depth study of anomaly detection techniques, methodologies and associated system designs and implementations relevant to the cyber mission.

Prerequisite

EC2010, EC3730 or their equivalents, a working knowledge of Python and the pandas library, or consent of the instructor.

Lecture Hours

3

Lab Hours

2

Course Learning Outcomes

·       Explain the appropriate data mining approaches applicable to various cyber applications, including network and intrusion detection.

·       Describe current cyber domain problems that require data mining implementations, including network and computer intrusion detection, malware detection, fraud detection and identity theft.

·       Realize system-level implementations of data mining systems, incorporating various data ingest, data preprocessing, data mining, data post-processing and visualization approaches.

·       Explain prevalent data mining concepts, theories and methods.

·       Explain the general classification problem and demonstrate the ability to implement various classification approaches.

·       Explain the general association problem and demonstrate the ability to implement various association approaches.

·       Explain the general clustering problem and demonstrate the ability to implement various clustering approaches.

·       Given an intrusion detection scenario, discuss strategy and propose schemes for the analysis and detection of anomalous behavior.