Multi-Route Anomaly Detection using Principal Component Analysis. Adnan Iqbal. Supervisor: Dr. Waqar Mahmood.

The concept
The idea is to discover anomalies in the whole network and then to compare these network-wide anomalies with single-route anomalies, in order to find the relationship between network-wide anomalies and their constituent single-route anomalies.

Summary
- Discover a scheme that can be used to get the relationship between network-wide anomalies and single-route anomalies
- Implement the scheme
- Perform regularization of the data
- Apply the scheme to suitable routes
- Analyze the results
- Analysis of the data used in anomaly detection
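As an added illustration of the concept above (not code from the presentation, which does not spell out its algorithm), this constructed example applies the PCA subspace approach: per-route traffic volumes form a time-by-route matrix, the first principal component captures the pattern shared by all routes, and the residual energy of each time bin flags a network-wide anomaly; the route contributing most to that residual is the constituent single-route anomaly. The route names, traffic values and the injected spike are constructed.

```python
import math
# Constructed sample: 4 routes x 24 hourly bins sharing one diurnal shape
# (scaled per route) plus small jitter; a spike on R2 at bin 15 is the answer.
ROUTES = ["R1", "R2", "R3", "R4"]
SCALE = [1.0, 2.0, 0.5, 1.5]
SPIKE_BIN, SPIKE_ROUTE, SPIKE_SIZE = 15, 1, 60.0

def traffic_matrix():
    """Rows are time bins, columns are per-route byte counts (constructed)."""
    rows = []
    for t in range(24):
        base = 100 + 40 * math.sin(2 * math.pi * t / 24)
        rows.append([SCALE[r] * base + ((t * 7 + r * 3) % 5 - 2) for r in range(4)])
    rows[SPIKE_BIN][SPIKE_ROUTE] += SPIKE_SIZE
    return rows

def principal_components(x, k, iters=200):
    """Column means and top-k covariance eigenvectors (power iteration, no numpy)."""
    n, d = len(x), len(x[0])
    mean = [sum(row[j] for row in x) / n for j in range(d)]
    xc = [[row[j] - mean[j] for j in range(d)] for row in x]
    cov = [[sum(r[i] * r[j] for r in xc) / n for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(c * c for c in w)) or 1.0
            v = [c / norm for c in w]
        lam = sum(v[i] * cov[i][j] * v[j] for i in range(d) for j in range(d))
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
        comps.append(v)  # deflated so the next pass finds the next component
    return mean, comps

def detect(x, k=1, sigma=3.0):
    """Map each network-wide anomalous bin to the route dominating its residual."""
    mean, comps = principal_components(x, k)
    d, contrib = len(x[0]), []
    for row in x:
        xc = [row[j] - mean[j] for j in range(d)]
        proj = [0.0] * d
        for v in comps:  # projection onto the normal (principal) subspace
            s = sum(v[j] * xc[j] for j in range(d))
            proj = [proj[j] + s * v[j] for j in range(d)]
        contrib.append([(xc[j] - proj[j]) ** 2 for j in range(d)])  # residual^2
    spe = [sum(c) for c in contrib]  # squared prediction error per bin
    mu = sum(spe) / len(spe)
    sd = math.sqrt(sum((s - mu) ** 2 for s in spe) / len(spe))
    hits = [t for t, s in enumerate(spe) if s > mu + sigma * sd]
    return {t: ROUTES[max(range(d), key=lambda j: contrib[t][j])] for t in hits}
```

On real traces the threshold would be fitted on a training window without known attacks rather than on the same data that is being scored.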

Current Work
Study of the MIT Lincoln Lab intrusion detection data.
The network: Inside (Air Force Base), Outside (Internet), DMZ (connection).
Data sets (98, 99, 2000). The 2000 data set is scenario based: LLDOS Scenario One, LLDOS Scenario Two, Windows NT Attack Data Set.

Network 1: Outside Hosts
IP Address   Hostname             Operating System     Notes
             alpha.apple.edu      Linux Redhat 5.0     kernel
             beta.banana.edu      Solaris
             gamma.grape.mil      SunOS
             delta.peach.mil      Linux Redhat 5.0     kernel
             epsilon.pear.com     Solaris
             lambda.orange.com    SunOS
             jupiter.cherry.org   Linux Redhat 5.0     kernel
             saturn.kiwi.org      Solaris
             mars.avocado.net     SunOS
             pluto.plum.net       Linux Redhat 5.0     kernel
             monitor.af.mil       MacOS                AF SNMP monitor
             calvin.world.net                          Outside gateway
             aesop.world.net                           Outside Web Server
             loud.world.net                            Cisco 2514 Router

Network 2: DMZ Hosts
IP Address   Hostname                 Operating System     Notes
             loud.eyrie.af.mil                             Cisco 2514 Router
             firewall.eyrie.af.mil                         Sidewinder Firewall
             plato.eyrie.af.mil       Solaris 2.6          Simulation Coordinator
             smith.eyrie.af.mil       Solaris 2.7          Loghost -- not used
             solomon.eyrie.af.mil     Solaris 2.7          DMZ Sniffer
             marx.eyrie.af.mil        Linux Redhat 4.2     kernel

Network 3-1: Inside Hosts
IP Address   Hostname                         Operating System     Notes
             firewall-inside.eyrie.af.mil                          Inside Firewall Interface
             firewall-inside.eyrie.af.mil                          Inside Firewall Interface
             firewall-inside.eyrie.af.mil                          Inside Firewall Interface
             firewall-inside.eyrie.af.mil                          Inside Firewall Interface
             locke.eyrie.af.mil               Solaris 2.6          Inside Sniffer
             hobbes.eyrie.af.mil              Linux Redhat 5.0     Inside gateway, kernel
             pascal.eyrie.af.mil              Solaris
             hume.eyrie.af.mil                Windows NT 4.0       Build 1381, Service Pack
             eagle.eyrie.af.mil               Linux Redhat 5.0     kernel
             falcon.eyrie.af.mil              Solaris
             robin.eyrie.af.mil               SunOS
             zeno.eyrie.af.mil                SunOS
             duck.eyrie.af.mil                SunOS
             swallow.eyrie.af.mil             Linux Redhat 5.0     kernel
             goose.eyrie.af.mil               Solaris
             crow.eyrie.af.mil                Linux Redhat 5.0     kernel
             finch.eyrie.af.mil               SunOS
             swan.eyrie.af.mil                Solaris
             pigeon.eyrie.af.mil              Linux Redhat 5.0     kernel
             pc1.eyrie.af.mil                 Windows 95

Network 3-2: Inside Hosts
IP Address   Hostname                 Operating System     Notes
             pc2.eyrie.af.mil         Windows
             pc0.eyrie.af.mil         Windows NT 4.0       Build 1381, Service Pack
             pc5.eyrie.af.mil         Windows
             pc3.eyrie.af.mil         Windows
             pc4.eyrie.af.mil         Windows
             pc7.eyrie.af.mil         Windows
             pc9.eyrie.af.mil         MacOS
             pc8.eyrie.af.mil         MacOS
             pc6.eyrie.af.mil         Windows
             linux1.eyrie.af.mil      Linux Redhat 5.2     kernel
             linux2.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux3.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux4.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux5.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux6.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux7.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux8.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux9.eyrie.af.mil      Linux Redhat 5.0     kernel
             linux10.eyrie.af.mil     Linux Redhat 5.0     kernel

Future Work
Depends on the outcome of the MIT Lincoln Lab data analysis.