Sessions - Integrated Design and Process Technology
Tutorials
Please see detailed schedule for time and place information. Also see www.sdpsnet.org
Bhavani M. Thuraisingham
SDPS Fellow
Data Mining for Malware Detection
Data mining is the process of posing various queries
and extracting useful and often previously unknown and
unexpected information, patterns, and trends from large
quantities of data, generally stored in databases. Data
mining has evolved from multiple technologies including
data management, data warehousing, machine learning and
statistical reasoning. Much progress has also been made on
building data mining tools based on a variety of techniques
for numerous applications. These applications include those
for marketing and sales, healthcare, medical, financial,
e-commerce, multimedia and, more recently, security.
In this tutorial, we describe the data mining tools we have
developed for malware detection. Malware, also known as
malicious software, is developed by hackers to steal data
and identity, cause harm to computers and deny legitimate
services to users, among others. Malware has plagued
society and the software industry for almost four decades.
Malware includes viruses, worms, Trojan horses, time and logic
bombs, botnets and spyware. In this tutorial, we describe our
data mining tools for email worm detection, remote exploit
detection, botnet detection, and for detecting malicious
executables. In addition, we will discuss stream mining for
malware detection as well as our approaches for insider
threat detection, adaptable malware detection, real-time
data mining for suspicious event detection and firewall policy
management.
An email worm spreads through infected email messages.
The worm may be carried by an attachment, or the email may
contain links to an infected website. When the user opens
the attachment or clicks the link, the host gets infected
immediately. We have developed tools that apply data
mining techniques for intrusion email worm detection. We
use both Support Vector Machine (SVM) and Naïve Bayes
(NB) data mining techniques.
Malicious code is a great threat to computers and computer
society. Numerous kinds of malicious code wander in the
wild. Some of them are mobile, such as worms, and spread
through the internet, causing damage to millions of computers
worldwide. Other kinds of malicious code are static, such as
viruses, but sometimes deadlier than their mobile counterparts.
One popular technique followed by the anti-virus community to
detect malicious code is “signature detection”. This technique
matches the executables against a unique telltale string or
byte pattern called a signature, which is used as an identifier
for a particular malicious code. A zero-day attack is an attack
whose pattern is previously unknown. We are developing a
number of data mining tools for malicious code detection that
do not depend on the signature of the malware. Our hybrid
feature retrieval model will be described in the tutorial.
Dr. Radmilla Juric
OWL/SWRL enabled ontologies and reasoning and its applicability in software engineering
The Web Ontology Language (OWL) became a W3C
recommendation in 2004, followed by the Semantic Web
Rule Language (SWRL). We can build OWL ontologies
with common ontology editors and perform reasoning upon
them using SWRL, which has been supported by various
reasoners. Traditionally, we can represent knowledge in
OWL because, as in classical AI, both ontology and rule
languages are similar and powerful first-order logic formalisms
in knowledge representation. In this tutorial we would like to
discuss possibilities of exploiting the power of OWL/SWRL
enabled ontologies in Software Engineering, for the purpose
of creating computational environments which address the
needs of modern software applications: from mobility and
pervasiveness of computational spaces to their applicability
across domains: education, healthcare, military, commerce,
governance etc. We would specifically look at:
• The power of OWL/SWRL enabled ontologies in the
creation of software solutions which address a range of
problems: interoperability in software systems, decision
making and its algorithms, recommender systems and
their techniques, information overload, retrievals and
search engines.
• The role of OWL/SWRL inference mechanisms in software
applications outside the AI conception of ‘intelligence’.
We would create OWL/SWRL inferences on an ad-hoc
basis and according to the application requirements and
the application context and situation awareness.
• The possibility of assessing new ways of creating
‘intelligence’ by joining OWL/SWRL with methods of
mining, filtering, ranking, tagging, semantic annotations
and similar.
• The consensus and practices of creating efficient OWL
models which should secure reasoning upon its concepts,

Now, in discussing the relation of science to the
scientific culture of society, the first thing that
comes to mind immediately is, of course, the most
obvious thing, which is the application of science.
The applications are culture too.
Richard P. Feynman, Nobel Laureate
From The Pleasure of Finding Things Out, P. 98, Published by
Carl Feynman and Michelle Feynman, 1999.
SDPS 2012