Data mining techniques for information security applications

Abstract Information security technology is an essential component for protecting public and private computing infrastructures. With the widespread utilization of information technology applications, organizations are becoming more aware of the security threats to their resources. No matter how strict the security policies and mechanisms are, more organizations are becoming susceptible to a wide range of security breaches against their electronic resources. Network‐intrusion detection is an essential defense mechanism against security threats, which have been increasing in rate lately. It is defined as a special form of cyber threat analysis to identify malicious actions that could affect the integrity, confidentiality, and availability of information resources. Data mining‐based intrusion‐detection mechanisms are extremely useful in discovering security breaches. This article will provide an overview of the applications of data mining techniques in the information security domain. The focus will be on applying data mining to intrusion detection and intrusion prevention. This article will present a critical overview of the research directions in these fields, which will help researchers identify the key practical and research issues essential for building a successful network‐protection system. WIREs Comp Stat 2011 3 221–229 DOI: 10.1002/wics.161 This article is categorized under: Statistical and Graphical Methods of Data Analysis > Data Reduction, Smoothing, and Filtering Algorithms and Computational Methods > Networks and Security Statistical Learning and Exploratory Methods of the Data Sciences > Text Mining