Detection and Apprehension of Rare Events in Data Streams
With the rapid progress of network, telecommunication, sensor, wireless, and mobile computing technologies, massive amounts of data about dynamic events have been or will be captured in the form of stored or stream data. However, because the Web is universally accessible and some computer network and telecommunication devices are easy to access, it is inevitable that some networks will encounter intruders or malicious users who may steal crucial information from the network or sabotage the system.

Intrusions usually appear as rare events that differ from the major trends and frequent events. However, not all rare events are network intrusions or malicious attacks. Thus, detecting and apprehending rare events in order to guard against network intrusion, terrorist attack, or sabotage of networks and/or computer systems has become a strategically important task in computer and homeland security.

This project will develop an efficient and effective rare-event analysis system called RareEGuard that will perform multi-dimensional analysis of dynamic event data and identify outliers and unusual events in multi-dimensional space. The objective is to identify and isolate suspect events based on unusual behaviors, which may then be correlated with unnoticed suspects. Expert rules provided by security officers and experienced system managers are supplied to the system as constraints to help distinguish genuine intrusions from false alarms.

This project involves investigating issues related to the design and development of innovative, effective, and efficient methods for analyzing and mining dynamic event data to detect rare events, understand the rare events and their surrounding situations, and reason about the rare events in order to filter out false alarms and discover genuine intrusions.

The RareEGuard system, its visualization package, and Web interface will be developed on the D2K™ system platform using the Java language. With years of research and development experience in data mining, a well-established data mining programming environment such as D2K™, and a good set of well-developed data mining and visualization software packages, many mature data mining techniques can be professionally integrated into the RareEGuard system, and new research results can be prototyped, tested, and further developed systematically. Developers will work closely with government agencies to test the developed system in real cases and in various kinds of scenarios.
 
Project Leads
Michael Welge, NCSA
Loretta Auvil, NCSA
Jiawei Han, Department of Computer Science, University of Illinois at Urbana-Champaign
