Chapter 1
Security Data Mining: A Survey Introducing Tamper-Resistance

Clifton Phua and Mafruz Ashrafi

Abstract

Security data mining, a form of countermeasure, is the use of large-scale data analytics to dynamically detect a small number of adversaries who are constantly changing. It encompasses data- and results-related safeguards, and is relevant across multiple domains such as finance, insurance, and health care. Security data mining faces both specific and general problems, but the key solution, and the contribution of this chapter, is tamper-resistance. Tamper-resistance addresses most kinds of adversaries and makes it more difficult for an adversary to manipulate or circumvent security data mining; it consists of reliable data, anomaly detection algorithms, and privacy- and confidentiality-preserving results. In this way, organisations applying security data mining can better achieve accuracy for themselves, privacy for the individuals in the data, and confidentiality between the organisations that share the results.

1.1 Introduction

There has been exceptional progress in networking, storage and processor technology, as well as an increase in data sharing between organisations. As a result, there has been explosive growth in the volume of digital data, a significant portion of which is collected by organisations for security purposes.

This necessitates the use of security data mining to analyse digital data and discover actionable knowledge. By actionable, we mean that this new knowledge improves the organisation's key performance indicators, enables better decision-making by the organisation's managers, and provides measurable and tangible results. Instead of purely theoretical, data-driven data mining, more practical, domain-driven data mining is required to discover actionable knowledge.
A*STAR, Institute of Infocomm Research, Room 04-21 (+6568748406), 21, Heng Mui Keng Terrace, Singapore 119613, e-mail: cwphua@i2r.a-star.edu.sg, mashrafi@i2r.a-star.edu.sg