Neural Technology and Fuzzy Systems in Network Security Project Progress 2 Group 2: Omar Ehtisham Anwar 2005-02-0129 Aneela Laeeq 2005-02-0023.

Presentation transcript:


Neural Techniques

- IPS tools are based on static rules alone
- Neural techniques seek to classify all new events and highlight those that appear most threatening
- Neural techniques allow the security expert to be the final arbiter

The Neural Security Layer

Fuzzy Clustering
- Creates a baseline profile of the network in various states by "training" itself
- Establishes patterns; it does not determine an exact profile of what a user does
- Uses algorithms that identify these patterns and separate clusters accordingly

Kernel Classifier
- Determines which existing cluster a new event most likely belongs to
- Classifies events according to how far away they are from the norm (any existing cluster)
- Events farthest away bubble to the top, where administrators take manual action
- Uses algorithms based on non-linear distribution laws, which use statistics to track what happens over extended periods of time

Clusters

- A set of XML files that become model filters, or the knowledge base, for the network resource being monitored
- The knowledge base is continually updated based on:
  - Results of day-to-day activities
  - Data from third-party sources, such as IDS signatures

Six Steps to Producing Security Intelligence

1) Designate Data: Data can be system log entries or any other raw or formatted measure of activity in the environment.
2) Model Analyst Expertise: The variables, weights, centers and pertinent event knowledge that make up the analytic or data-mining model are configured based on the specific analysis requirements and the unique attributes of the particular environment.
3) Train Model: The designated security data is organized into multi-dimensional "event vectors" within the context of the analytic models. This establishes the baseline activity.
4) Generate Knowledge: Live or offline data is compared against the contents of the training baseline and classified accordingly.
5) Teach Model: User supervision and the infusion of expert knowledge are essential to accurate event classification and system baselining, and to filtering out non-threatening anomalous activity.
6) Leverage Knowledge: System output is invaluable for the real-time or offline analysis, detection and prevention of any type of potentially criminal activity or system misuse, internal or external.

Neural Security (NS) Tool

- Monitors activity on Microsoft Internet Information Server (IIS) web servers
- Preconfigured to monitor activity on a single IIS server or an entire server farm
- In training mode, examines IIS logs to determine the normal activity of the server and creates its clusters
- Comes with a knowledge base of known IIS exploits
- Unlike rule-based security systems, NS quickly adapts to each unique installation and will continue to adapt as more information is added to its knowledge base

Neural Security (NS) Tool

Training Mode
- Organizes IIS-specific data into clusters that reflect normal use patterns (both trusted and untrusted) within the server environment
- The process of organizing clusters is guided by a built-in knowledge base of published attack signatures

Monitor Mode
- Compares all incoming requests to IIS against the Training Database to determine whether they fall within an acceptable distance of trusted activity
- Within the limits of trusted activity: processing continues
- Outside the limits of trusted activity: initiates whatever action has been configured, e.g. post an on-screen alert, block the untrusted connection or shut down IIS

Neural Security (NS) Tool

Maintenance
- Proper classification of events is essential
- Maintain as Security Alerts are displayed, or review the Security Alert Log periodically
- After re-classification of events, "Re-Train" the database
- NS remembers the correct classification and characteristics of events, which is then applicable to the analysis of subsequent events
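Taken together, the six steps, the monitor-mode distance check and the re-train maintenance loop form one small pipeline. The following Python sketch is an added example, not code from the NS tool or from the presentation: it parses constructed IIS-style log lines into event vectors, builds a z-scored k-means baseline (the slides do not name the clustering algorithm NS uses; k-means is a stand-in), scores new requests by their distance to the nearest cluster so the farthest events sort to the top, and re-trains after an analyst re-classifies a flagged event as trusted. The log field order is an assumption chosen for the example.

```python
"""Toy NS-style pipeline: IIS log lines -> event vectors -> clustered baseline -> distance scoring."""
from math import sqrt
from statistics import mean, pstdev
# Constructed W3C-style IIS entries (not real traffic). Assumed field order:
# date time cs-method cs-uri-stem cs-uri-query sc-status sc-bytes time-taken
TRAINING_LOG = """\
2005-03-01 10:00:01 GET /index.htm - 200 5120 15
2005-03-01 10:00:04 GET /images/logo.gif - 200 2048 8
2005-03-01 10:00:09 GET /products.asp id=12 200 7300 40
2005-03-01 10:00:15 GET /products.asp id=27 200 7150 38
2005-03-01 10:00:20 POST /search.asp - 200 9100 120
2005-03-01 10:00:31 POST /search.asp - 200 8800 110
2005-03-01 10:00:40 GET /about.htm - 200 4100 12
2005-03-01 10:00:52 GET /missing.htm - 404 1400 5""".splitlines()

def event_vector(line):
    """Steps 1-3: 'designate data' and turn one log entry into a numeric event vector."""
    _, _, method, stem, query, status, nbytes, ttaken = line.split()
    qlen = 0 if query == "-" else len(query)
    return [float(method == "POST"), len(stem), qlen, int(status) // 100, int(nbytes) / 1000, int(ttaken)]

def dist(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def train(lines, k=2, rounds=10):
    """Training mode: z-score the vectors, then k-means (the first k points seed the centres)."""
    vecs = [event_vector(ln) for ln in lines]
    cols = list(zip(*vecs))
    mu, sd = [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]  # sd 1.0 guards constant features
    pts = [[(x - m) / s for x, m, s in zip(v, mu, sd)] for v in vecs]
    centers = pts[:k]
    for _ in range(rounds):
        groups = [[] for _ in range(k)]
        for p in pts:
            groups[min(range(k), key=lambda i: dist(p, centers[i]))].append(p)
        centers = [[mean(c) for c in zip(*g)] if g else ctr for g, ctr in zip(groups, centers)]
    return {"mu": mu, "sd": sd, "centers": centers}

def score(model, line):
    """Kernel-classifier role: distance from the nearest cluster; larger means farther from the norm."""
    p = [(x - m) / s for x, m, s in zip(event_vector(line), model["mu"], model["sd"])]
    return min(dist(p, c) for c in model["centers"])

def monitor(model, lines, threshold):
    """Monitor mode: requests outside the trusted distance, farthest first (they 'bubble to the top')."""
    flagged = [(ln, score(model, ln)) for ln in lines]
    return sorted([f for f in flagged if f[1] > threshold], key=lambda f: -f[1])

def teach(lines, reclassified_trusted):  # Maintenance: analyst-confirmed events join the baseline, then re-train
    return train(list(lines) + list(reclassified_trusted))
```

The distance threshold in `monitor` plays the role of the "acceptable distance of trusted activity"; in practice it is tuned against the alert log rather than fixed in code.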