Investigative Data Mining for Security and Criminal Detection

Occurs when an actual intrusive action has occurred but the system allows it to pass as nonintrusive behavior.

Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a legitimate action.

The ability of a system or component to continue normal operation despite the presence of hardware or software faults.

A system or combination of systems that enforces a boundary between two or more networks. Gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive micro-based UNIX box kept clean of critical data, with many modems and public network ports on it, but just one carefully watched connection back to the rest of the cluster.

To contain, isolate, and monitor an unauthorized user within a system in order to gain information about the user.

Also known as Logic Bomb. Code that can be written in one line on any UNIX system; used to recursively spawn copies of itself, eventually "explodes," eating all the process table entries and effectively locking up the system.