Packet Anomaly Intrusion Detection PAID Constantine Manikopoulos and Zheng Zhang New Jersey Center for Wireless Networking and Security (NJWINS) at NJIT.

Slides:



Advertisements
Similar presentations
Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Advertisements

V-Detector: A Negative Selection Algorithm Zhou Ji, advised by Prof. Dasgupta Computer Science Research Day The University of Memphis March 25, 2005.
REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Learning Rules from System Call Arguments and Sequences for Anomaly Detection Gaurav Tandon and Philip Chan Department of Computer Sciences Florida Institute.
Chapter 4 Pattern Recognition Concepts: Introduction & ROC Analysis.
Application of Bayesian Network in Computer Networks Raza H. Abedi.
Performance Evaluation of the Fuzzy ARTMAP for Network Intrusion Detection Nelcileno Araújo Ruy de Oliveira Ed’Wilson Tavares Ferreira Valtemir Nascimento.
Network Traffic Anomaly Detection Based on Packet Bytes Matthew V. Mahoney Florida Institute of Technology
Anomaly Based Intrusion Detection System
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
Neural Networks. R & G Chapter Feed-Forward Neural Networks otherwise known as The Multi-layer Perceptron or The Back-Propagation Neural Network.
Statistical based IDS background introduction. Statistical IDS background Why do we do this project Attack introduction IDS architecture Data description.
An Illustrative Example
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
An Introduction To The Backpropagation Algorithm Who gets the credit?
Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Neural Networks. Background - Neural Networks can be : Biological - Biological models Artificial - Artificial models - Desire to produce artificial systems.
Lecture 11 Intrusion Detection (cont)
INTRUSION DETECTION SYSTEM
A Signal Analysis of Network Traffic Anomalies Paul Barford with Jeffery Kline, David Plonka, Amos Ron University of Wisconsin – Madison Summer, 2002.
Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.
Where Are the Nuggets in System Audit Data? Wenke Lee College of Computing Georgia Institute of Technology.
A Statistical Anomaly Detection Technique based on Three Different Network Features Yuji Waizumi Tohoku Univ.
Review – Backpropagation
Using Bayesian Networks for Detecting Network Anomalies Lane Thames ECE 8833 Intelligent Systems.
NATIONAL INSTITUTE OF SCIENCE & TECHNOLOGY Presented by:Manoj Kumar Gantayat CS: Technical Seminar Presentation by MANOJ KUMAR GANTAYAT.
Pattern Recognition Vidya Manian Dept. of Electrical and Computer Engineering University of Puerto Rico INEL 5046, Spring 2007
PROCESS OF CONDUCTING A DOS/IDS INCIDENT ANALYSIS
1 Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Benchmark H. Güneş Kayacık Nur Zincir-Heywood Malcolm I. Heywood.
Intrusion Detection Using Hybrid Neural Networks Vishal Sevani ( )
Neural Networks AI – Week 23 Sub-symbolic AI Multi-Layer Neural Networks Lee McCluskey, room 3/10
A Data Mining Approach for Building Cost-Sensitive and Light Intrusion Detection Models PI Meeting - July, 2000 North Carolina State University Columbia.
Appendix B: An Example of Back-propagation algorithm
Source-End Defense System against DDoS attacks Fu-Yuan Lee, Shiuhpyng Shieh, Jui-Ting Shieh and Sheng Hsuan Wang Distributed System and Network Security.
Statistics 11 Correlations Definitions: A correlation is measure of association between two quantitative variables with respect to a single individual.
Using Neural Networks to Predict Claim Duration in the Presence of Right Censoring and Covariates David Speights Senior Research Statistician HNC Insurance.
CSCI 530 Lab Intrusion Detection Systems IDS. A collection of techniques and methodologies used to monitor suspicious activities both at the network and.
An Overview of Intrusion Detection Using Soft Computing Archana Sapkota Palden Lama CS591 Fall 2009.
Learning Rules for Anomaly Detection of Hostile Network Traffic Matthew V. Mahoney and Philip K. Chan Florida Institute of Technology.
Mapping Internet Sensors with Probe Response Attacks Authors: John Bethencourt, Jason Franklin, Mary Vernon Published At: Usenix Security Symposium, 2005.
Open-Eye Georgios Androulidakis National Technical University of Athens.
Intrusion Detection System (IDS). What Is Intrusion Detection Intrusion Detection is the process of identifying and responding to malicious activity targeted.
Flow Aware Packet Sampling
Artificial Intelligence Center,
Autonomic Response to Distributed Denial of Service Attacks Paper by: Dan Sterne, Kelly Djahandari, Brett Wilson, Bill Babson, Dan Schnackenberg, Harley.
Mapping Internet Sensor With Probe Response Attacks Authors: John Bethencourt, Jason Franklin, and Mary Vernon. University of Wisconsin, Madison. Usenix.
Statistics Visual Representation of Data Part 1 Tables.
The Utilization of Artificial Intelligence in a Hybrid Intrusion Detection System Authors : Martin Botha, Rossouw von Solms, Kent Perry, Edwin Loubser.
© 2013 Pearson Education, Inc. Reading Quiz For use with Classroom Response Systems Introductory Statistics: Exploring the World through Data, 1e by Gould.
Network Anomaly Detection Using Autonomous System Flow Aggregates Thienne Johnson 1,2 and Loukas Lazos 1 1 Department of Electrical and Computer Engineering.
DOS Attacks Lyle YapDiangco COEN 150 5/21/04. Background DOS attacks have been around for decades Usually intentional and malicious Can cost a target.
An Introduction To The Backpropagation Algorithm.
Intrusion Detection and Prevention Systems By Colton Delman COSC 454 Information Assurance Management.
Active Learning Lecture Slides
Roland Kwitt & Tobias Strohmeier
DDoS Attack Detection under SDN Context
An Improved Neural Network Algorithm for Classifying the Transmission Line Faults Slavko Vasilic Dr Mladen Kezunovic Texas A&M University.
Intrusion Detection with Neural Networks my awesome graphic ↑
Department of Electrical Engineering
S.N.U. EECS Jeong-Jin Lee Eui-Taik Na
Statistical based IDS background introduction
Modeling IDS using hybrid intelligent systems
Frequency Plot Summary Process Steps
Presentation transcript:

Packet Anomaly Intrusion Detection PAID Constantine Manikopoulos and Zheng Zhang New Jersey Center for Wireless Networking and Security (NJWINS) at NJIT George Mason University September 24-26, 2003

The HIDE/PAID Project NJWINS – US Army SBIR Phase II Research and Development Effort Prototype and Evaluate an Intrusion Detection System for the Tactical Internet of the Digital Battlefield

System Architecture Components –Probe –Event preprocessor –NN classifier –Post processor

System Architecture

Multi-layer Detection

PDF Representation Binned PDF Representation S be the sample space of a random variable events E 1­, E 2,…, E k a mutually exclusive partition of S P i is the expected probability of the occurrence of the event E i P i ’ be the frequency of the occurrence of E i during a given time interval

Similarity Measuring Algorithms  2 -like test. Kolmogorov-Smirnov test. Anderson-Darling’s statistic. Kupier’s statistic. Others.

Similarity Measuring Algorithms p i is the expected probability of event E i. P i ’ is the observed probability of event E i during a time interval. f(N) is a function that takes into account the total number of occurrences during a time window.

Reference Model Updating Reference Model Updating Algorithm p old is the reference model before updating P new is the reference model after updating  is a programmable predefined adaptation rate s is a learning rate determined by the outputs of the neural network

HIDE/PAID: User Interface

Two-Dimensional Scatter Plots

Two-dimensional Scatter Plots

Sample Visualization Normal Attack traffic

Data Description DARPA’98 Intrusion Detection Evaluation Data Set –Seven weeks of training data –Two weeks of testing data (not used because the attack truth is not available) –Categories of the simulated attacks: DOS, Probe, R2L, U2R

System Configuration Only Non-stealthy DOS attacks are tested: –Neptune (SYN flooding), –Pod (Ping-of-Death), –Smurf (ICMP flooding), –Teardrop (Pathetic IP Fragmentation) PDF Observation Time Window: 30s. Classifier: Backpropagation with 4 hidden neurons

Detection Results on y98w1d3 # of Samples1970 # of Attacks2 # of True Positives2 # of True Negatives1968 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w3d4 # of Samples2520 # of Attacks104 # of True Positives104 # of True Negatives2416 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w4d2 # of Samples1769 # of Attacks15 # of True Positives14 # of True Negatives1742 # of False Positives12 # of False Negatives1 # of Misclassifications13

Detection Results on y98w4d3 # of Samples1649 # of Attacks2 # of True Positives2 # of True Negatives1647 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w5d1 # of Samples926 # of Attacks64 # of True Positives64 # of True Negatives862 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w5d2 # of Samples2335 # of Attacks3 # of True Positives3 # of True Negatives2332 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w5d4 # of Samples519 # of Attacks176 # of True Positives171 # of True Negatives343 # of False Positives0 # of False Negatives5 # of Misclassifications5

Detection Results on y98w5d5 # of Samples2315 # of Attacks108 # of True Positives108 # of True Negatives2207 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w6d1 # of Samples4911 # of Attacks11 # of True Positives11 # of True Negatives4885 # of False Positives15 # of False Negatives0 # of Misclassifications15

Detection Results on y98w6d2 # of Samples2438 # of Attacks1 # of True Positives1 # of True Negatives2437 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w6d3 # of Samples2504 # of Attacks107 # of True Positives107 # of True Negatives2397 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w6d4 # of Samples1202 # of Attacks284 # of True Positives284 # of True Negatives912 # of False Positives6 # of False Negatives0 # of Misclassifications6

Detection Results on y98w6d5 # of Samples1297 # of Attacks54 # of True Positives53 # of True Negatives1242 # of False Positives1 # of False Negatives0 # of Misclassifications1

Detection Results on y98w7d2 # of Samples2438 # of Attacks1 # of True Positives1 # of True Negatives2437 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w7d3 # of Samples1897 # of Attacks1 # of True Positives0 # of True Negatives1895 # of False Positives1 # of False Negatives1 # of Misclassifications2

Detection Results on y98w7d4 # of Samples5154 # of Attacks4 # of True Positives4 # of True Negatives5150 # of False Positives0 # of False Negatives0 # of Misclassifications0

Detection Results on y98w7d5 # of Samples1369 # of Attacks119 # of True Positives111 # of True Negatives1250 # of False Positives0 # of False Negatives8 # of Misclassifications8

Summary (1) Total # of Samples39015 Total # of Attacks1060 Total # of Misclassifications50 Total # of False Positives35 Total # of False Negatives15 Misclassification Rate0.128% False Positive Rate0.0898% False Negative Rate1.42%

Summary (2) Attack# of Samples# of False Negatives False Negative Rate Neptune % Pod2400 Smurf26600 Teardrop9222.2%

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.