New Data Mining Method for Combatting Hackers

Efforts to combat hackers usually focus on one method of attack, but computer scientists at the University of Texas Dallas have developed a strategy that is more effective at tackling various types of attacks.

Prof. Murat Kantarcioglu, professor of computer science and director of the Data Security and Privacy Lab, and research scientist Dr. Yan Zhou have created a data-mining model that can identify various adversaries, or hackers. Data mining, the process of analyzing big sets of data and organizing them into useful information, is used in all corners of industry, Kantarcioglu said.

“One area where adversaries commonly come into play is spam filtering,” he said. “In the early days, we would try to figure out whether an email was spam or legitimate by looking at the words contained within the body of the message. Adversaries, in this example, were anyone modifying emails to try and deceive the data-mining process.”

These adversaries come in an array of types. Some aim to send spam content to email users, while others want to clog networks and make the resource unavailable. Some spammers have the capability to modify spam and legitimate emails, while others have little to no access to such emails.

The researchers realized it’s impossible to implement a filter that uses a single method to counter every possible type of spammer, which motivated them to develop an “adversarial learning framework” that accounts for different types of hackers.

According to the University of Texas website, Kantarcioglu’s research presents a new, multitiered framework that simultaneously looks for adversarial data transformations and an optimal strategy to combat those changes. Zhou said these transformations are performed by the hacker to find the best way to modify data maliciously, allowing them to evade detection.

This mixed strategy is more reliable in situations where data-mining applications are confronted by unknown adversaries.

Looking ahead to future development, Zhou explained: “In our current work, we assume the adversaries are independent of each other and their actions have no impact on each other’s decisions. In the future, we will consider problems where there are multiple collaborative adversaries.”