Various viewpoints analysis of the actual and large-scale data by using the data mining technique

K. Tamura, K. Matsuura, H. Imai

Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology. DOI: 10.1109/CCST.2005.1594821 (https://doi.org/10.1109/CCST.2005.1594821)

Abstract

Many indiscriminate attacks, represented by various computer worms, happen on the Internet. These attacks, however, do not target a specific group of computers but all computers on the Internet. The administrator always has to grasp all activities on the Net, and it is possible to take effective countermeasures against malicious activities by utilizing the logged data of an IDS (intrusion detection system). So, we analyze the reliable data collected by the National Police Agency (NPA) of Japan with data mining approaches, and extract a flow of attacks with a measure of both appearance and confidence probability. Additionally, we dig deeper into the data by focusing on the difference in granularity of the Internet domains to which source hosts belong. We expect that the administrator can possess the preliminary knowledge required for defending against possible attacks based on our results.