Detecting Intrusion from Network Anomalies (DINA)
Agency / Branch:
DOC / NIST
This proposal introduces the Detecting Intrusion from Network Anomalies (DINA) system, which uses data mining tools to automatically detect anomalous behaviors that can be related to undesired intrusion and/or attacks upon computer networks, as well as other use patterns which may indicate behaviors which are non-hostile but still problematic. The application will make use of Ensembles of Decision Trees (EDTs) to mine the data and detect those anomalous behaviors. The system will utilize a Relational Database (RDBMS)/Data Warehouse (DW) Architecture that can be used to build, manage, deploy, score, and detect anomalies, all within the database. The model and approach described in this proposal will be adopted to build a prototype using the capabilities of a number of open-source products. Moreover, the system will provide crucial visualization tools aimed at helping users diagnose performance issues and understand communication patterns between nodes.
Small Business Information at Submission:
Michigan Aerospace Corporation
1777 Highland Dr., Suite B Ann Arbor, MI 48108
Number of Employees: