Authors Bo Sun, Fei Yu, Kui Wu, Yang Xiao, and Victor C. M. Leung.

Presentation transcript:

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks
Authors: Bo Sun, Fei Yu, Kui Wu, Yang Xiao, and Victor C. M. Leung.
Presented by Aniruddha Barapatre

Introduction
- Importance of cellular phones.
- Due to the open radio transmission environment and the physical vulnerability of mobile devices, security is a cause of concern.
- Approaches to protect a system:
  - Prevention-based approach
  - Detection-based approach
- Cellular phones are now being used in e-shopping and e-banking.
11/10/2018 CSCI 5931 - Wireless & Sensor Networks

Prevention and Detection Based Approach
- Prevention-based approach: encryption and authentication – allows legitimate users to enter into the system.
- Detection-based approach: IDS (intrusion detection systems)
  - Misuse-based detection – to detect known used patterns.
  - Anomaly-based detection – used to detect known and unknown patterns. Creates a profile for user behavior and path and compares it with the current activity. Any deviation observed is reported.

Goal
- To design a mobility-based anomaly detection scheme.
- To provide an optional service to end users.
- A useful administration tool to service providers.

Assumptions
- There exists a mobility database for each mobile user that describes its normal activities.
- Once the device has been compromised, all the security details are available to the attacker.
- All users have a regular itinerary.

Mobility Based Anomaly Detection Schemes
- LZ-based intrusion detection:
  - Feature extraction
  - Optimized data compression
  - Probability calculation – Markov model is used.
  - Anomaly detection algorithm
- Markov-based anomaly detection

LZ Based Anomaly detection

LZ Based Intrusion Detection – Feature Extraction
- Features are security-related measures that could be used to construct suitable detection algorithms.
- A general pattern of the cellular mobile network is formed for each user.
- Each cell is denoted by a character.
- A string represents the path taken by the user.
- A mobility trie or fixed-order Markov model is constructed from this string.

Data Compression
- Encoding of data to minimize its representation.
- Commonly used lossless compression algorithms are dictionary based.
- Dictionary D = (M, C): M is a set of phrases and C is a function that maps M onto a set of codes.

Probability Calculation
- Based on the prediction by partial matching scheme.
- The consecutive previous m characters are used to predict the next character and calculate its probability.
- m = 1 → the next event depends only on the last event in the past.
- m > 1 → the next event depends on multiple (m) events in the past.
- m small → prediction will be poor, as there is little data to audit.
- m large → most contexts will seldom happen.

Contd…
Blended probability: $P(\alpha) = \sum_{i=0}^{m} w_i \, p_i(\alpha)$
- m – maximum order
- α – next character predicted
- i – previous characters
- p_i(α) – probability assigned to α
- w_i – weight given to the model of order i

Anomaly Detection Algorithm
- Integration of EWMA into the mobility trie (changed frequency).
- F(i) = λ * 1 + (1 - λ) * F(i) when i is one item of the corresponding events
- F(i) = λ * 0 + (1 - λ) * F(i) when i is not one item of the corresponding events
- λ – smoothing constant, which determines the decay rate
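The LZ-based steps from the preceding slides (cell string, mobility trie, EWMA-modified frequencies, blended probability), as an added Python example that is not from the slides or the paper. The LZ78-style parsing rule, λ = 0.3, the weights w_i, the mean-probability path score and the sample paths are assumptions chosen for illustration.

```python
LAMBDA = 0.3                      # assumed smoothing constant λ
WEIGHTS = (0.2, 0.3, 0.5)         # assumed w_0..w_m, so maximum order m = 2

class Node:
    def __init__(self):
        self.children = {}        # cell character -> Node
        self.freq = {}            # cell character -> modified frequency F(i)

def ewma_update(node, cell, lam=LAMBDA):
    """F(i) = λ*1 + (1-λ)*F(i) for the observed cell, λ*0 + (1-λ)*F(i) for the rest."""
    node.freq.setdefault(cell, 0.0)
    for c in node.freq:
        node.freq[c] = lam * (1.0 if c == cell else 0.0) + (1 - lam) * node.freq[c]

def build_trie(path, lam=LAMBDA):
    """LZ78-style parse of a cell string into a mobility trie (assumed parsing rule)."""
    root = node = Node()
    for cell in path:
        ewma_update(node, cell, lam)
        if cell in node.children:
            node = node.children[cell]       # still inside a known phrase
        else:
            node.children[cell] = Node()     # new phrase ends here
            node = root                      # next phrase starts at the root
    return root

def order_prob(root, context, cell):
    """p_i(α) with i = len(context); 0 when the context was never seen."""
    node = root
    for c in context:
        node = node.children.get(c)
        if node is None:
            return 0.0
    total = sum(node.freq.values())
    return node.freq.get(cell, 0.0) / total if total else 0.0

def blended_prob(root, history, cell, weights=WEIGHTS):
    """P(α) = Σ_{i=0..m} w_i * p_i(α), context = last i cells of history."""
    usable = min(len(weights) - 1, len(history))
    return sum(weights[i] * order_prob(root, history[len(history) - i:], cell)
               for i in range(usable + 1))

def similarity(root, path):
    """Assumed path score: mean blended probability of each cell given the cells before it."""
    return sum(blended_prob(root, path[:t], path[t]) for t in range(len(path))) / len(path)

# Constructed sample data: a regular itinerary over cells a-d, then two observed paths.
PROFILE = build_trie("abcd" * 6)
NORMAL, ANOMALOUS = similarity(PROFILE, "abcdabcd"), similarity(PROFILE, "axyzaxyz")
```

The path through cells x, y and z, which never appear in the profile, scores lower than the usual route; a detector would report a path whose score falls below a threshold chosen for that user.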

Markov Based Anomaly Detection
- $P(X(t+1) = j) = N(j)/N$
- X(t) = state visited by the user, or the user's activity, at time t.
- N is the total number of observations (cells).
- N(j) is the total number of observations of destination.
- For o = 0, the probability is $P_o = \sum_{i=1}^{n} P(x_i = j)$
- Similarity metric (S) = $P_o$ / Length(S)
- Length(S) – length of the string

Similarities between Markov and LZ based algorithm
- Examine the history so far.
- Extract the current context.
- Predict the next cell location.
- Append one character (standing for one cell) to the history.
- The predictor updates its history to prepare for the next prediction.

Difference between Markov and LZ based algorithm
- LZ:
  - Has compression
  - Has EWMA
  - There exists a concept of modified frequency
- Markov:
  - No compression
  - No EWMA
  - Only one frequency exists

Conclusion
- The false alarm rate of LZ is lower than that of Markov; this is due to the EWMA used in LZ.
- As the mobility increases, the false alarm rate decreases.

Contd…
- Detection rate: the detection rate of the LZ-based scheme is higher than those of Markov-based schemes with different orders.
- Reason – use of EWMA in LZ.
- The detection rate of all schemes increases with the increase in mobility. Thus the detection rate is improved in case of mobility.

References
Bo Sun, Fei Yu, Kui Wu, Yang Xiao and Victor C. M. Leung, “Enhancing Security Using Mobility-Based Anomaly Detection in Cellular Mobile Networks”, IEEE Transactions on Vehicular Technology, 3 May 2006.