Section: Application Domains
Security and Anomaly Detection
Since 2007, we have investigated research fields related to security and anomaly detection by means of data mining. Securing information systems is becoming more and more difficult because of the streaming nature of their traces. Data streams have two major characteristics: 1) they are the vital signals of the system under consideration, so their analysis is of great interest, and 2) their production rate is so high that current technology is not able to process them in a satisfactory way.
We are currently exploring two aspects of detection in data streams:
Anomaly detection in data streams. This work aims at discovering records that are unusual compared to the majority of the data. It can be used for monitoring devices in sensitive applications, such as nuclear energy production.
Intrusion detection. In this work, the first step (anomaly detection) is used for network and information system security.
For both aspects, the major issue is to lower the threshold of false alarms. AxIS is involved in two projects related to data streams: MIDAS (an ANR project, section 7.1.3) and SéSur (an ARC of INRIA, section 8.2.1). AxIS is also managing MUTAN (Color project of INRIA, section 8.1.2), a project dedicated to intrusion detection. The MIDAS project allows us to work on real data from Orange (usage of a mobile portal), EDF (fluctuation of energy consumption for each client) and also GPS information from a large number of vehicles (real-time road traffic information). In the SéSur and MUTAN projects, we have applied our methods to client behaviors on the Web sites of INRIA Sophia Antipolis and IRISA.