Data Mining Strategies From Network Intrusion Detection As Applied To Identifying High-Risk Containers

摘要

Due to the increased importance recently placed on national security and preventing terrorist attacks, we feel that developing a methodology for detecting high-risk containers at our ports is critical to maintaining a sense of security in the United States. Utilizing data mining principles which have been applied to the concept of Network Intrusion Detection, we have developed a proposed methodology for categorizing containers as they arrive at U.S. ports so as to identify containers which may pose a threat in time to search them and prevent them from entering the United States to be used for harm. We feel that network intrusion detection is a good basis for a methodology for preventing high-risk containers from entering the United States because of the similarities the two topics share. Network intrusion detection is the process of identifying connections to a network which are abnormal, which do not behave as a normal connection would. Similarly, detecting high-risk containers is the process of identifying containers which do not fit the standard profile. Maybe the containers are from an unknown shipper, maybe they were handled by an unknown warehouse or ship, and maybe they went through more than the average number of ports on their way to the country. Whatever the anomaly may be in a container, it is the key to identifying that container as a threat. Because anomaly detection is also the key to identifying network intrusions, we feel that the underlying principles utilized in network intrusion detection can be effectively applied to high-risk container detection. In this paper we discuss the similarities between the two application areas and propose a modular design for a system for detecting high-risk containers, which utilizes three approaches from the area of network intrusion detection.