Security Monitoring for Network Protocols and Applications

Presentation transcript:

Security Monitoring for Network Protocols and Applications
Vinh Hoa LA (PhD student), Prof. Ana CAVALLI (supervisor)
Telecom SudParis, IMT; Montimage France (Prof. Cavalli)
11/21/2018

Context
- Cyber-security is an emerging topic at the network, system and application levels.
- Cyber attacks and cyber-crime are growing in both volume and sophistication: nearly 1 million new malware threats are released every day, and the total cost of cyber-crime over the recent three years keeps rising.
- Two directions: Secure Design and Security Testing.
- Network/System/Application Security Monitoring:
  - Heterogeneous approach (signature-based + anomaly-based).
  - Novel advanced techniques: Statistical Learning, Machine Learning.
11/21/2018 TAROT 2016

Security Monitoring Framework
Framework overview (MMT-based framework):
- Inputs: network data capture, traffic traces, logs, ...
- Signature-based approach: misbehavior signatures.
- Anomaly-based approach: model of normal behaviors of the system/application.
- Data processing: attribute extraction, dimension reduction.
  - Dimension reduction: RP (random projection), PCA (principal component analysis), DM (diffusion map), LDA (linear discriminant analysis), canonical correlation analysis, discrete cosine transform.
- Learning/Training phase.
- Monitoring/Detection phase, with correlation of results.
- Conclusion.

Case studies
- Traditional TCP/IP networks:
  - LAN monitoring: ARP spoofing is still alive.
  - WAN/Internet monitoring: HTTP User-Agent field case study.
- 6LoWPAN-based IoT monitoring:
  - Misbehaving node detection algorithm based on Statistical Learning.
  - Information Theory (entropy)-based routing anomaly detection.
  - Machine Learning-based anomaly detection.
- System and application monitoring:
  - SQL injection detection and tolerance.
  - Android malware detection.
- Machine Learning techniques used:
  - Supervised: Neural Network, SVM, Decision Tree.
  - Unsupervised: Association rule learning, K-Means.
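The heterogeneous approach from the framework slide, applied to two of the case studies above (ARP spoofing on a LAN and entropy-based routing anomaly detection), as an added illustration; this is not the MMT framework's code, and the packet records, addresses and the 3-sigma threshold are constructed assumptions.

```python
"""Two-stage monitor: a signature rule plus an entropy-based anomaly rule,
each with a learning phase (baseline) and a detection phase (alerts)."""
from collections import Counter, defaultdict
from math import log2
from statistics import mean, pstdev

# Constructed ARP replies observed on the LAN: (claimed IP, sender MAC).
ARP_REPLIES = [("10.0.0.1", "aa:aa:aa:aa:aa:01"),
               ("10.0.0.2", "aa:aa:aa:aa:aa:02"),
               ("10.0.0.1", "cc:cc:cc:cc:cc:99")]   # second MAC for 10.0.0.1

# Constructed per-window lists of next-hop/destination node ids seen by a
# 6LoWPAN border router; training windows are normal, multi-path traffic.
TRAIN_WINDOWS = [["a", "b", "c", "d"] * 5,
                 ["a", "a", "b", "c", "d"] * 4,
                 ["a", "b", "b", "c", "d"] * 4]
LIVE_WINDOWS = [["a", "b", "c", "d"] * 5,   # normal
                ["a"] * 20]                 # everything funnelled to one node

def shannon_entropy(values):
    """Entropy in bits of the empirical distribution of `values`."""
    counts, total = Counter(values), len(values)
    return -sum(c / total * log2(c / total) for c in counts.values())

def arp_spoof_signature(arp_replies):
    """Signature rule: an IP address announced by more than one MAC."""
    seen = defaultdict(set)
    for ip, mac in arp_replies:
        seen[ip].add(mac)
    return sorted(ip for ip, macs in seen.items() if len(macs) > 1)

def train_entropy_baseline(windows):
    """Learning phase: mean and std-dev of per-window destination entropy."""
    ents = [shannon_entropy(w) for w in windows]
    return mean(ents), pstdev(ents)

def entropy_anomalies(windows, baseline, k=3.0):
    """Detection phase: indices of windows whose entropy deviates > k sigma."""
    mu, sigma = baseline
    sigma = sigma or 1e-9   # degenerate baseline: any deviation is flagged
    return [i for i, w in enumerate(windows)
            if abs(shannon_entropy(w) - mu) / sigma > k]

def run_monitor():
    """Correlate both detectors' results into one report."""
    baseline = train_entropy_baseline(TRAIN_WINDOWS)
    return {"arp_spoofed_ips": arp_spoof_signature(ARP_REPLIES),
            "anomalous_windows": entropy_anomalies(LIVE_WINDOWS, baseline)}

if __name__ == "__main__":
    print(run_monitor())
```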

Open Issues
- Machine Learning for phishing, web pop-up and spam avoidance.
- How can the solution be distributed? Distributed agents/probes.
- How to distribute the agents? (agent-based modeling, geographical information data, e.g., GAMA)
- Static -> Mobile?

Thank you!