Network Security is a major part of a network that needs to be maintained because information is being passed between computers etc. and is very vulnerable to attack. Data Mining is the process of extraction of required/specific information from data in database. Data mining is integrated with network security and can be used with various security tools as well as hacking tool.

1. NETWORK SECURITY USING
DATA MINING CONCEPTS
A
SEMINAR ON:
SUBMITTED TO:
DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING
INSTITUTE OF TECHNOLOGY AND MANAGEMENT, GIDA, GORAKHPUR
GUIDE: MR. NAFEES AKHTER FAROOQUI BY: JAIDEEP GHOSH

3. OUTLINE
INTRODUCTION
SECURITY THREATS
DATA MINING
NETWORK SECURITY
INTEGRATION OF DATA MINING CONCEPTS
WITH NETWORK SECURITY
SYSTEM STRUCTURE
ADVANTAGES
CONCLUSION
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

4. INTRODUCTION
 Network Security is a major part of a network that needs
to be maintained because information is being passed
between computers etc. and is very vulnerable to attack.
 Data Mining is the process of extraction of
required/specific information from data in database.
 Data mining is integrated with network security and can
be used with various security tools as well as hacking
tool.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

5. SECURITY THREATS
TYPES OF ATTACK ON NETWORK
ACTIVE ATTACK PASSIVE ATTACK
An event which can target the security region with the
intension to harm/access the system without
authentication is called Security Threats.
Attack is an action is taken against a target with the
intension of doing harm.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

6. SECURITY THREATS
 ACTIVE ATTACK: An active attack attempts to alter
system resources or affect their operations.
 PASSIVE ATTACK: A passive attack attempts to learn or
make use of information from the system but does not
affects system resources.
Some other attacks are:
 DISTRIBUTED ATTACK
 INSIDER ATTACK
 CLOSE-IN ATTACK
 PHISHING ATTACK
 HIJACK ATTACK
 PASSWORD ATTACK INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

7. SECURITY THREATS
VIRUSES AND WORMS
TROJAN HORSES
SPAM
PHISHING
PACKET SNIFFERS
MALICIOUSLY CODED WEBSITES
PASSWORD ATTACKS
HARDWARE ATTACKS AND RESIDUAL DATA FRAGMENTS
SHARED COMPUTERS
ZOMBIE COMPUTERS AND BOTNETS
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

8. DATA MINING
 Data Mining is the process of extraction of
required/specific information from data in database.
 Data Mining is the process of analysing data from
different perspectives and summarising it into useful
information.
 Data Mining is the process of finding co-relations or
patterns among several fields in large relational
database.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

9. DATA MINING FOR NETWORK SECURITY
Data Mining is being applied to problems such as intrusion
detection and auditing.
 ANAMOLY DETECTION TECHNIQUES could be used to
detect unusual patterns and behaviours.
 LINK ANALYSIS may be used to trace self propagating
malicious code to its authors.
 CLASSIFICATION may be used to group various cyber
attacks and then use the profiles to detect an attack when
it occurs.
 PREDICTION may be used to determine potential future
attacks depending in a way on information learnt about
terrorist through E-Mail and Phone conversations.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

10. DATA MINING FOR INTRUSION DETECTION
An Intrusion can be defined as any set of action that attempt to
compromise the integrity, confidentiality or availability of a
resource.
TECHNIQUES OF IDS
Anomaly Detection System Misuse Detection System
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

11. DATA MINING FOR INTRUSION DETECTION
TYPES OF IDS:
Host Based
Detects attacks against a single host.
Distributed IDS
Detects attacks involving multiple hosts.
Network Based IDS
Detects attacks from any network.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

12. NETWORK SECURITY
Network Security consist of the policies adopted to prevent
and monitor unauthorized access, misuse, modification or
Daniel of computer networks and network accessible
resources.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

13. PASSWORD DISCOVERY TABLE
# OF
CHARACTER
POSSIBLE
COMBINATION
1 36
2 1300
5 6 Crore
HUMAN COMPUTER
3 Min .000018 Sec
2 Hours .00065 Sec
10 Years 30 Sec
 Possible character includes the letter A-Z and Numbers 0-9.
 Human discovery assumes 1 try in every second.
 Computer discovery assumes 1 Million tries per second.
 Average time assumes the password would be discovered in approximately half
the time it would take to try all possible combinations.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

14. ARCHITECTURE OF
DATAMINING IN ETHICAL HACKING TOOLS
DATA SOURCE
1
DATA SOURCE
2
DATA SOURCE
3
DATA
WAREHOUSE
ETHICAL
HACKING
TOOLS
ETL
TOOL
Fig:1 WORKING ARCHITECTURE OF DATA MINING IN ETHICAL HACKING TOOLS
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

15. WORM DETECTION
Worms are self replicating program, that exploits software
vulnerability on a victim or remotely infects other victims.
TYPES OF WORMS:
 E-mail Worms
 Instant Messaging Worms
 Internet Worms
 File Sharing Network Worms
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

16. ADVANTAGES
 Consumes very less time in various network tools for
decrypting password and other information.
 Easy to implement such system.
 Helps to record unwanted and unauthorized access on
any network.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT

17. CONCLUSION
The result of mining in network security may be to discover
following type of new information.
INSTITUTE OF TECHNOLOGY AND
MANAGEMENT
 Protection from unauthorized access.
 Blocking of IP in case when wrong password attempted several
times.
 Helps in prevention from various terrorist attacks by recording
their information.
 Concept can be implemented in various system like: IDS, WORM
DETECTION etc.
 Helps in Brute Force attack, Password cracking etc.

18. THANK YOU