Fusing A Heterogeneous Alert Stream Into Scenarios


Fusing A Heterogeneous Alert Stream Into Scenarios, O. Dain and R. K. Cunningham. From: Applications of Data Mining in Computer Security (Eds. D. Barbara and S. Jajodia)

Objective
To combine the alerts generated by the multiple IDSs in an organization into scenarios
Each scenario is a sequence of actions performed by a single actor or a single organization
To group alerts that share a common cause
False alarm probabilities are assigned to scenarios rather than to individual alerts
For each new alert generated, compare it to the existing scenarios and compute the probability that it belongs to each scenario

Data Mining Techniques
Used to assign the probability that an alert belongs to a scenario, to provide better predictive power than fixed rules
Since attackers often reuse the same tools or attack types, many features indicate whether any previous alert in the scenario is of exactly the same type as the current alert, and whether the most recent alert in the scenario is of the same type as the new alert
Attackers usually focus on a single host, so the destination address is also one of the features
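The per-alert loop the two slides describe (compare each new alert against every open scenario, compute a membership probability from the attack-type and destination features, attach the alert to the best scenario or open a new one) as an added Python example. This is not code from the Dain and Cunningham chapter: the exact feature set, the logistic weights, the time-gap feature, the 0.5 threshold and the alert stream below are all assumptions for illustration; the chapter's model was learned from labelled alert data rather than hand-set.

```python
"""Fuse a stream of heterogeneous IDS alerts into scenarios (added example)."""
from dataclasses import dataclass, field
from math import exp
from typing import Dict, List


@dataclass
class Alert:
    ts: float      # seconds since start of the capture
    src: str       # source address as reported by the IDS
    dst: str       # destination (victim) address
    atype: str     # alert/attack type, e.g. "portscan", "web-exploit"


@dataclass
class Scenario:
    alerts: List[Alert] = field(default_factory=list)

    @property
    def last(self) -> Alert:
        return self.alerts[-1]


def features(scenario: Scenario, alert: Alert) -> Dict[str, float]:
    """Features comparing a candidate alert with an existing scenario.

    same_type_any / same_type_last and same_dst follow the slides; same_src and
    the (capped) time gap are extra assumptions so that unrelated alerts that
    merely arrive close together do not get glued into one scenario.
    """
    return {
        "same_type_any": float(any(a.atype == alert.atype for a in scenario.alerts)),
        "same_type_last": float(scenario.last.atype == alert.atype),
        "same_dst": float(scenario.last.dst == alert.dst),
        "same_src": float(scenario.last.src == alert.src),
        "gap_minutes": min((alert.ts - scenario.last.ts) / 60.0, 60.0),
    }


# Assumed logistic-regression weights for illustration only; a real deployment
# learns these from alerts labelled with their true scenario membership.
WEIGHTS = {
    "same_type_any": 1.0,
    "same_type_last": 1.0,
    "same_dst": 2.5,
    "same_src": 2.0,
    "gap_minutes": -0.1,
}
BIAS = -3.0


def membership_probability(scenario: Scenario, alert: Alert) -> float:
    """P(alert belongs to scenario) under the assumed logistic model."""
    f = features(scenario, alert)
    z = BIAS + sum(WEIGHTS[k] * v for k, v in f.items())
    return 1.0 / (1.0 + exp(-z))


def fuse(alerts: List[Alert], threshold: float = 0.5) -> List[Scenario]:
    """Process alerts in time order; attach each to its best scenario or start a new one."""
    scenarios: List[Scenario] = []
    for alert in sorted(alerts, key=lambda a: a.ts):
        best, best_p = None, 0.0
        for s in scenarios:
            p = membership_probability(s, alert)
            if p > best_p:
                best, best_p = s, p
        if best is not None and best_p >= threshold:
            best.alerts.append(alert)
        else:
            scenarios.append(Scenario([alert]))
    return scenarios


# Constructed alert stream: one actor scanning then exploiting 192.0.2.10,
# interleaved with an unrelated SSH brute-force against 192.0.2.20.
SAMPLE_ALERTS = [
    Alert(0.0, "10.0.0.5", "192.0.2.10", "portscan"),
    Alert(30.0, "10.0.0.5", "192.0.2.10", "web-exploit"),
    Alert(45.0, "198.51.100.7", "192.0.2.20", "ssh-bruteforce"),
    Alert(120.0, "10.0.0.5", "192.0.2.10", "web-exploit"),
    Alert(200.0, "198.51.100.7", "192.0.2.20", "ssh-bruteforce"),
]


def scenario_sizes(alerts: List[Alert]) -> List[int]:
    """Number of alerts in each scenario, in order of creation."""
    return [len(s.alerts) for s in fuse(alerts)]


if __name__ == "__main__":
    for i, s in enumerate(fuse(SAMPLE_ALERTS), 1):
        print(f"scenario {i}: " + ", ".join(f"{a.atype}->{a.dst}@{a.ts:.0f}s" for a in s.alerts))
```

With the assumed weights the second alert joins the first scenario on the strength of the shared source and destination alone (about 0.81), the SSH alert opens a second scenario, and the later repeats attach to their own scenarios with high probability; the result is two scenarios of three and two alerts. Tune the threshold and weights only against labelled data, since the same stream can be fused very differently by a small change in the destination weight.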