Data Mining and Data Warehousing

Database Systems Security 
349
planning pricing and promotion strategies. Data mining techniques result in the develop-
ment of data models that can be used to predict future activity.
The activity of data mining produces metadata. 
Metadata
is data about data or infor-
mation about data. Metadata is not exclusively the result of data mining operations; other 
functions or services can produce metadata as well. Think of metadata from a data mining 
operation as a concentration of data. It can also be a superset, a subset, or a representation 
of a larger dataset. Metadata can be the important, significant, relevant, abnormal, or aber-
rant elements from a dataset.
One common security example of metadata is that of a security incident report. An inci-
dent report is the metadata extracted from a data warehouse of audit logs through the use 
of a security auditing data mining tool. In most cases, metadata is of a greater value or sen-
sitivity (due to disclosure) than the bulk of data in the warehouse. Thus, metadata is stored 
in a more secure container known as the 
data mart
.
Data warehouses and data mining are significant to security professionals for two rea-
sons. First, as previously mentioned, data warehouses contain large amounts of potentially 
sensitive information vulnerable to aggregation and inference attacks, and security practi-
tioners must ensure that adequate access controls and other security measures are in place 
to safeguard this data. Second, data mining can actually be used as a security tool when it’s 
used to develop baselines for statistical anomaly–based intrusion detection systems. Data 
mining is used to “hunt” through large volumes of security-related data for anomalous 
events that could indicate an ongoing attack, compromise, or breach.

Download 19,3 Mb.

Do'stlaringiz bilan baham: