Qian Zhu, Liang Chen and Gagan Agrawal

Presentation transcript:

Supporting a Real-time Distributed Intrusion Detection Application on GATES
Qian Zhu, Liang Chen and Gagan Agrawal
Department of Computer Science and Engineering, The Ohio State University
Euro-Par 2006 Conference, Aug 30th, 2006, Dresden, Germany

Roadmap
- Introduction
- Anomaly Detection Algorithm
- Overview of GATES
- Distributed Anomaly Detection Algorithm
- Experiments
- Conclusion

Introduction
- Growing rate of interconnections among computer systems
- Network security challenge
- Intrusion prevention techniques
  - user authentication
  - avoiding programming errors
  - information protection
- Intrusion detection to protect the system

Introduction
- Intrusion Detection Techniques
  - Anomaly Detection: detect intrusions by determining whether a record deviates from an established normal behavior profile
  - Misuse Detection: detect intrusions by comparing records against patterns of known intrusions

Anomaly Detection Algorithm
- Many anomaly detection algorithms train models over clean data
- Drawbacks
  - Clean data is NOT always easy to obtain
  - Training over noisy data has serious consequences
  - It is difficult to train the model "online" since clean data must be guaranteed

Anomaly Detection Algorithm
- An approach from Eskin (ICML 2000)
- Detecting intrusions without clean data
- Assumption: the number of normal elements should be significantly larger than the number of intrusion elements

Anomaly Detection Algorithm
- Explaining anomalies by a mixture model
- Modeling probability distributions
  - D: the data set
  - M_t: the set of normal data at time t
  - A_t: the set of anomalous data at time t

Anomaly Detection Algorithm
- Detecting anomalies
  IF (LL_t - LL_{t-1}) > c
  ELSE
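
The detection rule above, written out as an added example (not code from the presentation). It follows Eskin's ICML 2000 formulation, in which D = (1 - λ)M + λA and a record is moved from M to A when that move raises the log-likelihood by more than c. Assumptions: a single categorical attribute, an add-one-smoothed frequency model for M, a uniform A, and a constructed sample stream.

```python
import math
from collections import Counter

def log_likelihood(normal, anomalous, lam, alphabet):
    """LL(D) = |M| log(1-lam) + sum log P_M(x) + |A| log(lam) + sum log P_A(x).
    P_M: add-one-smoothed frequencies of `normal`; P_A: uniform over `alphabet`."""
    counts, n, k = Counter(normal), len(normal), len(alphabet)
    ll = n * math.log(1 - lam) + len(anomalous) * (math.log(lam) - math.log(k))
    for count in counts.values():
        ll += count * math.log((count + 1) / (n + k))
    return ll

def detect(records, lam=0.02, c=1.0):
    """Return the indices of records that end up in the anomalous set A."""
    alphabet = set(records)
    normal, anomalous = list(records), []      # M_0 = D, A_0 = empty
    ll_prev = log_likelihood(normal, anomalous, lam, alphabet)
    flagged = []
    for i, x in enumerate(records):
        normal.remove(x)                       # tentatively move x from M to A
        anomalous.append(x)
        ll_new = log_likelihood(normal, anomalous, lam, alphabet)
        if ll_new - ll_prev > c:               # IF (LL_t - LL_{t-1}) > c: x is an anomaly
            flagged.append(i)
            ll_prev = ll_new
        else:                                  # ELSE: x is normal, undo the move
            anomalous.pop()
            normal.append(x)
    return flagged

# Constructed sample: one rare value hidden in otherwise ordinary traffic.
SAMPLE = ["http"] * 600 + ["irc"] + ["smtp"] * 300 + ["dns"] * 99

if __name__ == "__main__":
    print(detect(SAMPLE))
```

No clean training set is needed: the single rare record is separated from noisy data because moving it to A raises the likelihood, while moving any frequent value lowers it.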

Anomaly Detection Algorithm
- Problems
  - Computation intensive
  - Processing data on one single node
- Real-time constraint
  - Fast detection
  - Need for self-adaptation

Overview of GATES
- GATES (Grid-based AdapTive Execution on Stream) is a middleware which can support distributed data stream processing
[Figure labels: Internet, Globus-OGSA, GATES, Applications, Web service]

Overview of GATES
- An application built on GATES is
  - Automatically distributed to proper computing nodes
  - Automatically self-adaptive to a varying environment without implementing certain algorithms or multiple versions
- Self-adaptation algorithm to achieve the highest level of accuracy while meeting the real-time constraint

Overview of GATES
- Break the task down into several sub-tasks so that the sub-tasks form a pipeline
- Implement each sub-task in Java
- Write an XML configuration file so that the sub-tasks are deployed automatically, i.e.
  - specify how many stages the pipeline has
  - specify where the code that processes the sub-tasks resides
- Launch the application by running a Java program (StreamClient.class) provided by GATES

Distributed Anomaly Detection Algorithm
- Network data come in streams
- How to maintain an accurate model for the data
  - Incremental maintenance of a data model over a data stream
  - The maintenance has to be quick for fast streams and robust for noisy data

Distributed Anomaly Detection Algorithm

Distributed Anomaly Detection Algorithm
- Producer
  - Generating data streams
- Collector
  - Generating a local model (GMM) and sending it together with sample data to the next stage
  - Performing anomaly detection based on the global model (GMM)
- Combiner
  - Combining local models into a global model
  - Sending the global model back to the Collector

Distributed Anomaly Detection Algorithm
- Adjustable parameters
  - The sampling rate on the Collector stage
  - The convergence threshold for the EM algorithm
- Fix one of them while the other one is adjusted by GATES
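
The Collector and Combiner stages and their two adjustable parameters, as an added example (not the GATES or authors' code). Assumptions: one continuous attribute, two Gaussian components per Collector, systematic sampling, a Combiner that takes the union of local components reweighted by sample size, a hypothetical `log_floor` cutoff, and constructed streams.

```python
import math

def pdf(x, mu, var):
    return math.exp(-(x - mu) ** 2 / (2 * var)) / math.sqrt(2 * math.pi * var)

def density(model, x):
    # Mixture density; the tiny constant keeps log() defined far from every component.
    return sum(w * pdf(x, mu, var) for w, mu, var in model) + 1e-300

def collector_fit(records, sampling_rate, em_threshold, max_iter=200):
    """Collector: sample the stream, fit a 2-component 1-D GMM with EM.
    Returns (sample size, local model, EM iterations used)."""
    sample = records[::max(1, round(1 / sampling_rate))]
    n = len(sample)
    mean = sum(sample) / n
    var0 = sum((x - mean) ** 2 for x in sample) / n
    model = [(0.5, min(sample), var0), (0.5, max(sample), var0)]
    prev_ll = -math.inf
    for it in range(1, max_iter + 1):
        # E-step: responsibility of each component for each sampled record
        resp = [[w * pdf(x, mu, var) / density(model, x) for w, mu, var in model]
                for x in sample]
        # M-step: re-estimate weight, mean and variance of each component
        new = []
        for k in range(2):
            rk = sum(r[k] for r in resp) + 1e-12
            mu = sum(r[k] * x for r, x in zip(resp, sample)) / rk
            var = sum(r[k] * (x - mu) ** 2 for r, x in zip(resp, sample)) / rk
            new.append((rk / n, mu, max(var, 1e-6)))
        model = new
        ll = sum(math.log(density(model, x)) for x in sample) / n
        if ll - prev_ll < em_threshold:   # improvement below the convergence threshold
            break
        prev_ll = ll
    return n, model, it

def combiner_merge(local_models):
    """Combiner: union of local components, reweighted by each Collector's sample size."""
    total = sum(n for n, _ in local_models)
    return [(w * n / total, mu, var) for n, m in local_models for w, mu, var in m]

def collector_detect(global_model, records, log_floor=-20.0):
    """Collector: flag records whose log-density under the global model is below the cutoff."""
    return [x for x in records if math.log(density(global_model, x)) < log_floor]

# Constructed streams: two Collectors, two clusters of values each.
STREAM_A = [200 + (i * 37) % 41 for i in range(300)] + [1500 + (i * 53) % 97 for i in range(300)]
STREAM_B = [210 + (i * 29) % 43 for i in range(300)] + [1520 + (i * 31) % 89 for i in range(300)]
```

A lower sampling rate shrinks the sample each EM pass has to scan, and a looser threshold stops EM after fewer passes; these are the two costs that trade against model accuracy.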

Experiments
Data set (KDD cup 99)
  # of records: 335,892
  % of normal data: 91%
  attributes: 41
  # of intrusion types: 22
Note: only 10 attributes (7 continuous and 3 categorical) out of 41 were used for the algorithm

Experiments
- Adjustable EM threshold vs. Fixed sampling rate
  - Producing rate varies from 100k/sec, 80k/sec, 50k/sec, 30k/sec to 10k/sec
  - Sampling rate varies from 40%, 20%, 16%, 13% to 10%

Experiments

Experiments

Experiments
- Logistic Regression
  - input variables: continuous, categorical or both
  - response variables: 0/1 value
- Use three categorical attributes for logistic regression
- Combine results for final detection

Experiments Detection performance improved by using Logistic Regression

Experiments
- Adjustable sampling rate vs. Fixed EM threshold
  - Producing rate varies from 100k/sec, 80k/sec, 50k/sec, 30k/sec to 10k/sec
  - EM threshold varies from 0.0001, 0.00005 to 0.00001

Experiments

Conclusion
- Convert the Eskin anomaly detection algorithm into a distributed version and deploy the application on GATES
- GATES can effectively adjust the tradeoff between maintaining the real-time constraint and the highest accuracy (95.36% vs. 97.63%)

Thank you!