1 A Queuing Formulation of Intrusion Detection with Active and Passive Responses Wei T. Yue, Metin Cakanyildirim, Young U. Ryu Department of Information.

Presentation transcript:

1 A Queuing Formulation of Intrusion Detection with Active and Passive Responses Wei T. Yue, Metin Cakanyildirim, Young U. Ryu Department of Information Systems and Operations Management, School of Management, The University of Texas at Dallas, Richardson, Texas, USA

2 Introduction Traditional IDS response tends to be passive ("passive response"). Because the IDS is still imperfect, a secondary investigation of each alarm is required, and that investigation may not occur instantaneously. These days an IDS can also be set up to respond to events automatically ("active response").

3 Introduction Active responses include dropping the connection, reconfiguring network devices (firewalls, routers), and gathering additional intelligence (honeypots). This work considers only terminating the connection.

4 Introduction In the intrusion detection process, the IDS configuration decision and the alarm investigation decision are related. The alarm investigation resource affects the response delay under both active and passive response. If multiple alarm types are involved, which alarm to investigate first becomes an issue.

5 Research Goals Find the corresponding configuration and investigation decisions for the active and the passive response approach. Determine the "switching" policy between intrusion responses.

6 Problem Description Passive response: a potential damage cost results from alarmed events that are not investigated immediately; false alarm costs are low, since alarmed events are not disrupted.

7 Problem Description Active response: it can prevent attack damage because alarmed events are terminated immediately; false alarm costs are higher, and depend on the performance of the IDS.

8 Problem Description - Active response: false alarm cost is related to delay - Passive response: damage cost is related to delay

9 Problem Description Undetected (non-alarmed) intrusive events are assumed to be the same under both response approaches. For given parameter values, the decisions involved in the active and the passive response approach are different.

10 IDS Quality: ROC curve The ROC curve is a representation of IDS quality: the detection rate (a function of the false alarm rate) plotted against the false alarm rate P_F. IDS quality can be determined experimentally, e.g. by MIT Lincoln Lab (Lippmann et al. 2000a, 2000b) and the Columbia IDS group (Lee and Stolfo, 2000).

11 IDS Quality: ROC curve

12 A Queuing Model of Intrusion Detection Benign and intrusive events arrive as independent Poisson processes with rates B and I respectively. N is the number of investigators and µ is the investigation rate. The expected waiting time of an alarm is E[W(P_F, N)] = 1 / {Nµ − P_F·B − (detection rate at P_F)·I}.

13 A Queuing Model of Intrusion Detection: Active Response

14 A Queuing Model of Intrusion Detection: Passive Response

15 A Queuing Model of Intrusion Detection We rewrite N in terms of the slack service rate S: S = Nµ − P_F·B − (detection rate at P_F)·I.
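As an added worked example (not part of the paper or the slides), the investigation queue of slides 12 and 15 and the delay-driven cost comparison of slide 8 in Python. The piecewise-linear ROC points, the arrival rates written as rate_b and rate_i, and the cost constants c_damage and c_disrupt are constructed assumptions, and the two cost formulas are an assumed structure for illustration, not the paper's model.

```python
import math

# Constructed piecewise-linear ROC: (false-alarm rate P_F, detection rate) points.
ROC_POINTS = ((0.0, 0.0), (0.05, 0.7), (0.2, 0.9), (1.0, 1.0))

def detection_rate(pf, points=ROC_POINTS):
    """Detection rate at false-alarm rate pf, by linear interpolation on the ROC."""
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        if x0 <= pf <= x1:
            return y0 + (y1 - y0) * (pf - x0) / (x1 - x0)
    raise ValueError("pf must lie in [0, 1]")

def slack_rate(pf, n, mu, rate_b, rate_i):
    """Slide 15: S = N*mu - P_F*B - det(P_F)*I, the investigation capacity left
    after all alarms (false ones from benign traffic, true ones from intrusions)."""
    return n * mu - pf * rate_b - detection_rate(pf) * rate_i

def expected_wait(pf, n, mu, rate_b, rate_i):
    """Slide 12: E[W] = 1/S. If S <= 0 the queue is unstable and the delay grows
    without bound, so infinity is returned rather than a negative time."""
    s = slack_rate(pf, n, mu, rate_b, rate_i)
    return math.inf if s <= 0 else 1.0 / s

def min_investigators(pf, mu, rate_b, rate_i):
    """Smallest N giving S > 0 (a stable queue) for this IDS configuration."""
    alarm_rate = pf * rate_b + detection_rate(pf) * rate_i
    return math.floor(alarm_rate / mu) + 1

def response_costs(pf, n, mu, rate_b, rate_i, c_damage, c_disrupt):
    """Delay-driven cost per unit time of each response mode (assumed structure):
    passive -> detected intrusions keep causing damage (c_damage per unit time) while queued;
    active  -> falsely alarmed benign events stay disconnected (c_disrupt per unit time) while queued.
    Undetected intrusions cost the same in both modes (slide 9), so they are left out."""
    w = expected_wait(pf, n, mu, rate_b, rate_i)
    return {
        "wait": w,
        "passive": detection_rate(pf) * rate_i * c_damage * w,
        "active": pf * rate_b * c_disrupt * w,
    }

def preferred_mode(pf, n, mu, rate_b, rate_i, c_damage, c_disrupt):
    """The 'switching' decision of slide 5: the cheaper mode at this operating point."""
    costs = response_costs(pf, n, mu, rate_b, rate_i, c_damage, c_disrupt)
    return "passive" if costs["passive"] <= costs["active"] else "active"

if __name__ == "__main__":
    for pf in (0.05, 0.5):  # a low and a high false-alarm operating point
        n = min_investigators(pf, 10.0, 100.0, 1.0)
        print(pf, n, preferred_mode(pf, n, 10.0, 100.0, 1.0, 50.0, 2.0))
```

With the constructed numbers, the low-P_F operating point favours active response (few benign connections are cut) while the high-P_F point favours passive response, which is the switching behaviour the slides set out to characterise.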

16 Linear Piecewise ROC

17 Optimal Configuration and Investigation

18 Hybrid Response

19 Hybrid Response

20 Conclusion Derive optimal intrusion detection decisions with a piecewise-linear ROC function. Extend the study to other types of ROC functions. Include multiple types of alarm.