Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Slides:

Advertisements

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Advertisements

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

1 CS 501 Spring 2002 CS 501: Software Engineering Lecture 11 Designing for Usability I.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.

FIT3105 Biometric based authentication and identity management

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Introduction (Pendahuluan)  Information Security.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Intrusion Detection Systems CS391. Overview  Define the types of Intrusion Detection Systems (IDS).  Set up an IDS.  Manage an IDS.  Understand intrusion.

Lecture 11 Intrusion Detection (cont)

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Battle of Botcraft: Fighting Bots in Online Games withHuman Observational Proofs Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang The College.

Discovering Computers 2010

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Karthiknathan Srinivasan Sanchit Aggarwal

Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Cryptography and Network Security

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

IIT Indore © Neminah Hubballi

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 11: Monitoring Server Performance.

Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

Grant Pannell. Intrusion Detection Systems  Attempt to detect unauthorized activity  CIA – Confidentiality, Integrity, Availability  Commonly network-based.

Vigilante: End-to-End Containment of Internet Worms Authors : M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham In Proceedings.

出處 :2010 2nd International Conference on Signal Processing Systems (ICSPS) 作者 :Zhidong Shen 、 Qiang Tong 演講者 : 碩研資管一甲吳俊逸.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

1 COPYRIGHT © 2015 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Cognitive Security: Security Analytics and Autonomics for Virtualized Networks Lalita Jagadeesan.

Biometrics Authentication Technology

1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.

Intrusion Detection System (IDS). What Is Intrusion Detection Intrusion Detection is the process of identifying and responding to malicious activity targeted.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

By: Kirti Chawla. Definition Biometrics utilize ”something you are” to authenticate identification. This might include fingerprints, retina pattern, iris,

1 Chapter 9 Intruders. 2 Outline Intruders –Intrusion Techniques –Password Protection –Password Selection Strategies –Intrusion Detection Statistical.

Login session using mouse biometrics A static authentication proposal using mouse biometrics Christopher Johnsrud Fullu 2008.

Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.

Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #5 Issues on Designing Biometric Systems September 7, 2005.

DTRAB Combating Against Attacks on Encrypted Protocols through Traffic- Feature Analysis.

Introduction to Grids By: Fetahi Z. Wuhib [CSD2004-Team19]

Chapter 9 Intruders.

Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper.

Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.

INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.

L. F. Coppenrath & Associates PASSWORD BIOPASSWORD ® Biometric Keystroke Dynamics Technology Overview.

Intrusion Detection System

Automated Worm Fingerprinting Authors: Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage Publish: OSDI'04. Presenter: YanYan Wang.

I can be You: Questioning the use of Keystroke Dynamics as Biometrics Tey Chee Meng, Payas Gupta, Debin Gao Ke Chen.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Keystroke Dynamics By Hafez Barghouthi.

ONLINE INTRUSION ALERT AGGREGATION WITH GENERATIVE DATA STREAM MODELING.

Introduction Web analysis includes the study of users’ behavior on the web Traffic analysis – Usage analysis Behavior at particular website or across.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Unobtrusive Mobile User Recognition Patent by Seal Mobile ID Presented By: Aparna Bharati & Ashrut Bhatia.

Chapter 9 Intruders.

Threat Modeling for Cloud Computing

Access control techniques

Secure Software Confidentiality Integrity Data Security Authentication

Chapter 9 Intruders.

Presentation transcript:

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005

Motivation Attacks targeted by intrusion detection systems can be divided in three forms: user-level, system-level, and network-level. Typical user- level attacks consist of masquerade attacks. Even though a typical computer intrusion involves exploiting together several of these vulnerabilities user-level attacks remain one of the most recurring forms of intrusions because successful user-level attacks always serve as prerequisite for most forms of intrusions.

Motivation We propose in this work a new approach to user profiling based on biometrics. The profiles computed in this case are more accurate than those obtained through the traditional statistical profiling techniques, since they are based on distinctive biological characteristics of users. The utilization of biometrics technology, however, has so far been limited to identity verification in authentication and access control systems. Hence important security applications such as intrusion detection systems have been left out of this technology.

Approach In this work we combine a new behavioral biometrics based on computer mouse dynamics and enhanced version of keystroke dynamics biometrics. Mouse and keystroke dynamics biometrics fulfill all the characteristics required for intrusion detection since it allows passive, dynamic, and real-time monitoring of users Our aim is to be able to construct a biometric signature which can be used to identify the user and detect possible intrusions.

Detector Architecture Client module, runs on the monitored machine (e.g. potential victim), is responsible for mouse movement and keystroke data collection. Security administrator makes sure for local users that the data collection software is installed on local machines. Server module is in charge of analyzing the data and computing a biometric profile. Computed profile is then submitted to a behavior comparison unit, which checks it against the stored profiles.

Detector Architecture

Mouse Dynamics monitor all mouse actions generated as a result of user interaction with a graphical user interface process the data obtained from these actions in order to analyze the behavior of the user. The behavioral analysis unit utilizes neural networks and statistical approaches to generate a number of factors from the captured set of actions these factors are used to construct what is called a Mouse Dynamics Signature or MDS, a unique set of values characterizing the user’s behavior over the monitoring period.

Active profiles of a given user compared to the reference profile of a different user

Active profiles compared to the reference profile for the same user

Average Speed for Different Types of Actions, comparing large number of sessions for two different users

Types of Actions Histogram, comparing large number of sessions for two different users

Keystroke dynamics measure the dwell time (the length of time a key is held down) and flight time (the time to move from one key to another) for keyboard actions. collected actions are translated into a number of digraphs or trigraphs. our detection algorithm generates a Keystroke Dynamics Signature or KDS, which is used as a reference user profile and matched against active user profiles to dynamically detect masqueraders.

Di-graph approximation matrices for two different users

Experimental Results 22 participants 9 weeks divided the participants into 2 groups: a group of 10 representing authorized users and a group of 12 representing unauthorized users. false negative rate of 0.651% false positive rate of 1.312%

Simulated Attack: one insider and two outsiders masquerading as a legitimate user MDH: Direction of Movement histogram ATH: Type of Action Histogram ATA: Average Movement Speed for Action Types MSD: Movement Speed compared to Traveled Distance

BioTracker BioTracker provides an automated method of authenticating or verifying an individual based upon physical or behavioral characteristics. A prototype has been implemented and tested in the ISOT lab. PCT patent application with the World Intellectual Property Organization filed by the University of Victoria (PCT/CA2004/000669). Web Site: