1 SnIPS Implementation and GUI Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University.

1 SnIPS Implementation and GUI Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University

2 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

3 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

4 Project Overview
SnIPS Background
- Snort Intrusion Analysis using Proof Strengthening
- Dr. Simon Ou, Siva Raj Rajagopalan (HP Labs), and Sakthiyuvaraja Sakthivelmurugan
- An Empirical Approach to Modeling Uncertainty in Intrusion Analysis, 25th Annual Computer Security Applications Conference (ACSAC)
- Reason Under Uncertainty

5 Project Overview
[Architecture diagram: Snort, a Netflow filter and a log analyzer feed a Pre-Processing step that produces Datalog tuples; the Reasoning Engine (Observation Correspondence, Internal Model, Reason Under Uncertainty) consumes them to answer "Which machines are certainly compromised?" with evidence.]
Snort
- open source network intrusion detection system
- compares the payload of network packets with Snort Rules, for example:
  alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES 403 Forbidden"; flow:from_server,established; content:"HTTP/ "; depth:12; classtype:attempted-recon; sid:1201; rev:7;)
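Slide 5 says that Snort matches packet payloads against rules such as the one shown. The following is an added example written for this page, not code from the slides, from SnIPS or from Snort: it parses a rule into its header fields (action, protocol, source, source port, direction, destination, destination port) and its key:value options, so that the sid, msg, content and classtype that later identify an alert can be read out programmatically. The sid:1201 rule text is copied from the slide, where the content string appears truncated; the second rule is constructed for the example (its sid is a placeholder in the local-rule range), and the group id default of 1 used by signature_id is Snort's documented default for rules that set no gid.

```python
"""Parse a Snort rule into header fields and options (added example, not SnIPS or Snort code)."""
import re

# The sid:1201 rule copied from the slide; the content string appears truncated there.
SNORT_RULE_1201 = (
    'alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any '
    '(msg:"ATTACK-RESPONSES 403 Forbidden"; flow:from_server,established; '
    'content:"HTTP/ "; depth:12; classtype:attempted-recon; sid:1201; rev:7;)'
)

# Constructed rule exercising a value-less option (nocase) and an escaped quote inside msg.
SNORT_RULE_DEMO = (
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS '
    '(msg:"DEMO quoted \\" char"; content:"GET "; nocase; sid:9000001; rev:1;)'
)

HEADER_FIELDS = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")


def split_options(body):
    """Split an option body on ';' outside double quotes; backslash escapes are kept verbatim."""
    options, current, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):  # keep the escape pair intact for parse_option
            current.append(body[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            options.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    options.append("".join(current).strip())
    if in_quote:
        raise ValueError("unterminated quoted string in rule options")
    return [o for o in options if o]


def parse_option(opt):
    """'key:value' -> (key, value) with quotes and backslash escapes removed; 'key' -> (key, None)."""
    key, sep, value = opt.partition(":")
    if not sep:
        return key.strip(), None
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = re.sub(r"\\(.)", r"\1", value[1:-1])  # \" -> ", \; -> ;, \\ -> \
    return key.strip(), value


def option_value(rule, key):
    """First value of option `key`, or None (absent and value-less options both give None)."""
    for k, v in rule["options"]:
        if k == key:
            return v
    return None


def has_option(rule, key):
    """True if the option is present at all, which option_value cannot tell for value-less ones."""
    return any(k == key for k, _ in rule["options"])


def parse_rule(text):
    """Return {'action', 'proto', ..., 'options': [(key, value), ...]} for one Snort rule."""
    head, sep, rest = text.strip().partition("(")
    rest = rest.rstrip()
    if not sep or not rest.endswith(")"):
        raise ValueError("rule has no parenthesised option body")
    fields = head.split()
    if len(fields) != len(HEADER_FIELDS) or fields[4] not in ("->", "<>"):
        raise ValueError("rule header must be: action proto src src_port (->|<>) dst dst_port")
    rule = dict(zip(HEADER_FIELDS, fields))
    rule["options"] = [parse_option(o) for o in split_options(rest[:-1])]
    if option_value(rule, "sid") is None:
        raise ValueError("rule has no sid")
    return rule


def signature_id(rule):
    """'gid:sid' as alerts report it; Snort's default gid is 1 when the rule sets none."""
    return f"{option_value(rule, 'gid') or '1'}:{option_value(rule, 'sid')}"


if __name__ == "__main__":
    for r in (parse_rule(SNORT_RULE_1201), parse_rule(SNORT_RULE_DEMO)):
        print(signature_id(r), r["action"], r["proto"], r["src"], r["direction"],
              r["dst"], repr(option_value(r, "msg")), "nocase" if has_option(r, "nocase") else "")
```

The parser rejects a rule without an option body, with a malformed header or without a sid instead of returning a partial result, because a later stage (the alert-to-tuple translation) keys everything on the gid:sid pair.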

6 Project Overview
[Same pipeline diagram as slide 5, annotated with the commands run along the way and the GUI at the end.]
Linux commands:
- sudo snort -c test.conf -i eth4
- python alert translator.py -h
- summarize.sh
- trace.sh
- ?- show_trace(int(compromised(H),c))
Example trace (addresses and ranges are elided on the slide):
int(probeOtherMachine(' ',external),c,range( ,0))
  strengthenedPf
  int(probeOtherMachine(' ',external),l,range( ,0))
  summarizedFact skolem(0)
  int(skol(probeOtherMachine(' ',external)),p,range( , ))
  intRule_1f
  int(compromised(' '),l,range( , ))
  summarizedFact skolem(10)
Datalog tuples:
obs(oid_1, snort('1:469', ' ', ' ', )).
obs(oid_2, snort('1:469', ' ', ' ', )).
int(probeOtherMachine(' ',external),l,skolem(0),range( , )).
int(suspicious(external,' '),p,skolem(9),range( , )).
int(compromised(' '),l,skolem(10),range( , )).
GUI
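The pre-processing step on slide 6 turns Snort alerts into Datalog tuples of the form obs(oid_N, snort(Sig, Src, Dst, ...)). The following is an added example and not the SnIPS alert translator or any other SnIPS code: it parses lines in Snort's "fast" alert format (constructed sample lines, including one deliberately malformed line) and emits obs/2 facts in the shape the slide shows. Three assumptions are made here: the fourth argument of snort/4 is taken to be a UNIX timestamp (it is elided on the slide), the year, which fast-format timestamps omit, is supplied by the caller, and timestamps are interpreted as UTC. Malformed lines are reported back rather than silently dropped, since a dropped alert is a missing observation for the reasoning engine.

```python
"""Translate Snort 'fast' alert lines into Datalog obs/2 facts (added example, not SnIPS code)."""
import re
from datetime import datetime, timezone

# Constructed sample input in Snort's fast alert format; the last line is deliberately malformed.
SAMPLE_ALERTS = """\
05/19-10:15:30.000123  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.0.5 -> 10.0.0.9
05/19-10:15:31.500000  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.0.5 -> 10.0.0.10
05/19-10:16:02.250000  [**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.9:80 -> 192.0.2.7:51234
garbage line that must be reported, not silently dropped
"""

# Fast format: MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [...] {PROTO} src -> dst
FAST_ALERT = re.compile(
    r"^(?P<mon>\d{2})/(?P<day>\d{2})-(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2})\.(?P<usec>\d{1,6})"
    r"\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def strip_port(addr):
    """Drop a ':port' suffix from an IPv4 endpoint; IPv6 endpoints are left untouched."""
    if addr.count(".") == 3 and addr.count(":") == 1:
        return addr.rsplit(":", 1)[0]
    return addr


def atom(s):
    """Quote a string as a Datalog/Prolog atom, doubling embedded single quotes."""
    return "'" + s.replace("'", "''") + "'"


def parse_fast_alert(line, year):
    """Parse one fast-format line; the year is absent from the line, so the caller supplies it."""
    m = FAST_ALERT.match(line)
    if m is None:
        raise ValueError(f"not a fast-format alert: {line!r}")
    # Assumption: timestamps are treated as UTC; Snort itself logs local time.
    ts = datetime(year, int(m["mon"]), int(m["day"]),
                  int(m["hh"]), int(m["mm"]), int(m["ss"]), tzinfo=timezone.utc)
    return {
        "sig": f"{m['gid']}:{m['sid']}",
        "msg": m["msg"],
        "proto": m["proto"],
        "src": strip_port(m["src"]),
        "dst": strip_port(m["dst"]),
        "ts": int(ts.timestamp()),
    }


def alerts_to_obs(text, year):
    """Return (facts, rejected): one obs(oid_N, snort(Sig, Src, Dst, Ts)). fact per valid line.

    The fourth argument of snort/4 is assumed to be a UNIX timestamp (elided on the slide).
    """
    facts, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            a = parse_fast_alert(line, year)
        except ValueError:
            rejected.append(line)
            continue
        n = len(facts) + 1
        facts.append(
            f"obs(oid_{n}, snort({atom(a['sig'])}, {atom(a['src'])}, {atom(a['dst'])}, {a['ts']}))."
        )
    return facts, rejected


if __name__ == "__main__":
    facts, rejected = alerts_to_obs(SAMPLE_ALERTS, year=2009)
    print("\n".join(facts))
    for bad in rejected:
        print("REJECTED:", bad)
```

Ports are stripped because the slide's tuples carry only host addresses; the message and protocol are still returned by parse_fast_alert for anyone who wants richer facts.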

7 Project Overview
Motivation
- Need a friendly user interface
- What triggers the "Snort Alerts"?
Goal
- GUI
- Implementation -> backtrack the alerts -> payload that triggers the Snort Rules

8 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

9 Prototype Demo
- GUI Framework
- SnIPS Visualized Output

10 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

11 Project Requirements
- SnIPS GUI Framework
- Use Case – SnIPS GUI Component

12 Project Requirements – SnIPS GUI Framework
- SR 1.1: SnIPS GUI must be extensible -> Object Oriented Design

13 Project Requirements Use Case – SnIPS GUI Component

14 Project Requirements – Use Case – SnIPS GUI Component
- SR 2 (critical): Start and Stop Snort
- SR 3 (critical): Fetch alerts from MySQL
- SR 4 (critical): Fetch alerts based on time frame
- SR 5 (critical): Manage Snort Rules
- SR 6 (critical): Specify Configuration & Host Info
- SR 7 (critical): Run Pre-Processing & Reasoning
- SR 8 (critical): Webpage for Reasoning Engine Output
- SR 9 (non-critical): Represent Output in Graphical View

15 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

16 Cost Estimation – Work Breakdown Structure (WBS)
- Tree Structure Diagram
Software Artifact Sets (from Walker Royce):
- Requirement Set
- Design Set
- Implementation Set
- Deployment Set
- Management Set

17 Cost Estimation – Work Breakdown Structure (WBS): artifacts per set
Management Set: 1. SQAP; 2. Project Plan 1.0; 3. Project Plan 2.0; 4. Project Evaluation; 5. Test Plan; 6. Testing Evaluation; 7. Assessment Evaluation; 8. Formal Requirement Specification; 9. Formal Technical Inspection; 10. Reference; 11. Formal Technical Inspection letters
Requirement Set: 1. Vision Document 1.0; 2. Vision Document 2.0
Design Set: 1. Architectural Design; 2. Component Design
Implementation Set: 1. Prototype 1.0; 2. Prototype 2.0; 3. Final Project
Deployment Set: 1. User Manual

18 Cost Estimation – Work Breakdown Structure (WBS): artifact sets per SnIPS phase
Phase 1: Management Set, Requirement Set, Implementation Set
Phase 2: Management Set, Requirement Set, Design Set, Implementation Set
Phase 3: Management Set, Design Set, Implementation Set, Deployment Set

19 Cost Estimation – Phase 1 WBS
Phase 1 artifacts: Management Set: 1. Project Plan, 2. SQAP; Requirement Set: 3. Vision Doc; Implementation Set: 4. Prototype 1.0
Task | Estimated Duration of Task | Task Dependencies
Project Plan | hr (10 pages * 3 hrs/page ≒ 30) | Vision Document 1.0
SQAP | 20 hr (7 pages * 3 hrs/page ≒ 30) | Vision Document 1.0, Project Plan 1.0
Vision Document | hr (10 pages * 3 hrs/page ≒ 30) | (none)
Prototype | hr (1200 LOC * 30 LOC/hr) | (none)

20 Cost Estimation – Phase 2 WBS
Phase 2 artifacts: Management Set: 1. Project Plan, 2. Formal Requirement Specification, 3. Formal Technical Inspection, 4. Test Plan; Requirement Set: Vision Doc; Implementation Set: Prototype 2.0; Design Set: 6. Architectural Design 1.0
Task | Estimated Duration of Task | Task Dependencies
Project Plan | hr (10 pages * 1.5 hrs/page ≒ 30) | Vision Document 2.0
Formal Requirement Specification | 15 hr (5 pages * 3 hrs/page ≒ 30) | Vision Document 2.0
Formal Technical Inspection | 2 hr | Formal Requirement Specification
Test Plan | hr (5 pages * 3 hrs/page ≒ 30) | Architectural Design 1.0
Vision Document | hr (10 pages * 1.5 hrs/page ≒ 30) | (none)
Architectural Design | hr (15 pages * 3 hrs/page ≒ 45) | Project Plan 2.0
Prototype | hr (40 * 2 ≒ 80) | (none)

21 Cost Estimation – Phase 3 WBS
Phase 3 artifacts: Management Set: 1. Project Evaluation, 2. Testing Evaluation, 3. Assessment Evaluation, 4. Reference, 5. Formal Technical Inspection Letters; Design Set: 6. Component Design; Implementation Set: 7. Final Project; Deployment Set: 8. User Manual
Task | Estimated Duration of Task | Task Dependencies
Project Evaluation | 15 hr (5 pages * 3 hrs/page ≒ 15) | (none)
Testing Evaluation | 15 hr (5 pages * 3 hrs/page ≒ 15) | Final Project
Assessment Evaluation | 15 hr (5 pages * 3 hrs/page ≒ 15) | Testing Evaluation
Reference | 3 hr (1 page * 3 hrs/page ≒ 3) | Project and Assessment Evaluation
Formal Tech. Inspection Letters | 2 hr | Testing Evaluation
Component Design | 45 hr (15 pages * 3 hrs/page ≒ 45) | (none)
Final Project | 120 hr (40 * 3 ≒ 120) | (none)
User Manual | 15 hr (5 pages * 3 hrs/page ≒ 15) | Testing Evaluation

22 Cost Estimation – Project Timeline

23 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

24 Software Quality Assurance Plan
- Documentation
- Standards, Practices, Conventions, and Metrics
- Reviews and Audits
- Testing
- Problem Reporting and Corrective Action
- Tools, Techniques, and Methodologies
- Records Collection, Maintenance, and Retention

25 Phase 2 Deliverables
- Vision Document 2.0
- Project Plan 2.0
- Architectural Design 1.0
- Prototype 2.0
- Test Plan 1.0
- Formal Requirements Specification
- Formal Technical Inspection

26 Questions & Answers SnIPS Implementation and GUI