Data mining able to identify multiple hackers

Data-mining work finds ways to identify multiple hackers
A team of computer scientists from UT Dallas recently created a strategy that is more effective at detecting multiple kinds of computer attacks than the traditional security approach of fighting one kind of hacking attack at a time.

Dr. Murat Kantarcioglu, professor of computer science based at the Erik Jonsson School of Engineering and Computer Science and director of the Data Security Privacy Lab, led the research. Dr. Yan Zhou, a research scientist, also worked on the project.

Together, the technology experts made a data-mining model to detect a range of hackers. Data mining is an approach that analyzes large sets of data and sorts them into useful information. This kind of method can be useful for all kinds of industries.

“One area where adversaries commonly come into play is spam filtering,” Zhou said. “In the early days, we would try to figure out whether an email was spam or legitimate by looking at the words contained within the body of the message. Adversaries, in this example, were anyone modifying emails to try and deceive the data-mining process.”

Hackers can attack computers in a variety of ways, such as email spam and network blocking. Using one filter against this variety of attacks is inefficient and dangerous.

“In the current work, we assume the adversaries are independent of each other and their actions have no impact on each other's decisions,” Zhou said. “In the future, we will consider problems where there are multiple collaborative adversaries.”