Panel: Role of Data Mining in Cyber Threat Analysis (Professor Sushil Jajodia, Center for Secure Information Systems, George Mason University, 2002)
Slide 1: Panel: Role of Data Mining in Cyber Threat Analysis
Professor Sushil Jajodia, Center for Secure Information Systems, George Mason University, ise.gmu.edu/~csis
copyright 2002, Center for Secure Information Systems

Slide 2: Limitations of current intrusion detection systems
 Use misuse detection techniques
 Designed to detect well-known attacks (attack signatures) and their slight variations
 Limitations
–Require prior knowledge of attacks
–Unable to detect novel attacks
–Difficulty of gathering the required information
–Operation is labor intensive
–High false alarm rate
–Cannot cope with large volumes of data

Slide 3: Anomaly detection
 Designed to capture any deviation from established profiles of normal user and system behavior
 Advantage
–Has the potential to detect new attacks
 Disadvantage
–Requires prior knowledge of normal system and user behavior

Slide 4: Current research efforts
 Network-based anomaly detection systems
–Analyze TCP/IP traffic data
–Aim to detect DoS and probe attacks, as well as attacks with repeating behavior

Slide 5: Goals
 Process large volumes of audit trails efficiently, to achieve fast and ideally real-time intrusion detection
 Reduce the false alarm rate
 Detect new attacks

Slide 6: Basic architecture
Composed of 3 modules:
 Preprocessing Engine
 Mining Engine
 Classification Engine
Works in 2 phases:
 Training Phase
 Detecting Phase

Slide 7: Training phase (data-flow diagram)
 Static mining: attack-free training data → normal-behavior profile
 Dynamic mining: training data → feature selection → labeler (marks each alarm as a false alarm or an attack) → decision tree

Slide 8: Detecting phase (data-flow diagram)
 Test data → feature selection → dynamic mining against the profile → decision tree → verdict: attack, false alarm, or unknown

Slide 9: Challenges
 Better test data
 Training data
–How to obtain good training data
–What if training data is not available
 More interesting attacks