KB-IDS – Application Design Document
Knowledge-based Temporal Abstraction Host-based Intrusion Detection System for Android
Version 1.0
Team members: Uri Kanonov, Elad Ankry, Eliya Rahamim
May 18th 2009
Academic Advisor: Dr. Yuval Elovici
Technical Advisor: Asaf Shabtai

Overview
- Detailed system architecture
- Brief overview of the system requirements
- Main classes – Agent
- Overview of the KBTA algorithm
- Main classes – KBTA Processor
- Overview of User Interface
- Tasks List
- Questions?

Global architecture (diagram)
Components shown: Agent, Service, Graphical User Interface, SQLite, Processors (KBTA, …), Threat Weighting Unit, NetProtect Control Center

Primary system requirements
Functional
- Agent
  - Feature extraction
  - Sending of extracted features to the processors and the Control Center
  - Receiving alerts from the Threat Weighting Unit
- KBTA Processor
  - Processing according to the KBTA algorithm
  - Producing threat assessments
- Threat Weighting Unit
  - Threat assessment weighting
  - Sending of assessments to the Agent
Non-Functional
- Overall CPU usage should be under 10% (the system must be lightweight)

Agent – main classes (class diagram)
Agent classes: Agent Service, Feature Manager, Feature Extractor, Monitored Data, Processor Manager, Processor, Configuration Manager, Alert Handler
External components the Agent interacts with: SQLite, Linux Kernel, Application Framework, Graphical User Interface, Threat Weighting Unit, KBTA Processors, NetProtect Control Center

Overview of the KBTA Algorithm
Input – time-stamped raw data:
- Primitive parameters
- Events
Knowledge – the KBTA security ontology
Four inference mechanisms:
- Temporal context forming
- Contemporaneous abstraction
- Temporal interpolation
- Temporal pattern matching
Output – higher-level, meaningful temporal information:
- Contexts
- Abstractions (trends, states)
- Temporal patterns

Overview of the KBTA Algorithm – incremental processing loop (Java-style pseudocode from the slide, with the duplicated copy removed and comments added)

    Ontology ontology;                 // the KBTA security ontology (knowledge)
    InstanceContainer instances;       // all primitives, events and derived abstractions

    void incrementalKBTA(List<Primitive> primitives, List<Event> events) {
        // Add the newly arrived time-stamped raw data.
        instances.add(primitives);
        instances.add(events);
        // Each pass may derive new contexts/abstractions that enable further
        // derivations, so iterate until no new instance is created.
        while (instances.hasNew()) {
            createContexts(instances, ontology);          // temporal context forming
            createAbstractions(instances, ontology);      // contemporaneous abstraction
            interpolateAbstractions(instances, ontology); // temporal interpolation
        }
        // Patterns are matched once over the stable set of instances.
        createPatterns(instances, ontology);              // temporal pattern matching
    }

Overview of the KBTA Algorithm – Example Scenario (diagram; legend: Primitive, Context, State, Alert)
Primitives:
- Apps_With_Permission_Camera: amount of non-system applications with the Camera permission
- Pictures_Taken: amount of pictures taken in the last 2 minutes
Context: Many_Apps_With_Camera_Permission (formed from Apps_With_Permission_Camera)
State: Camera_Usage (abstracted from Pictures_Taken)
Alert: Camera_Abuse (temporal pattern over Camera_Usage within the Many_Apps_With_Camera_Permission context)
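The following is an added worked example, not code from the KB-IDS project: it runs the incremental loop from the previous slide over the camera scenario above, in Python rather than the project's Java so it can be executed stand-alone. The thresholds (how many apps count as "many", how many pictures count as "High" usage), the interpolation gap and the sample primitive feed are assumptions chosen for illustration; the real values would live in the KBTA security ontology.

```python
"""Minimal incremental KBTA run over the camera-abuse scenario.

Added illustration, not code from the KB-IDS project. The thresholds,
the interpolation gap and the sample primitives are assumptions.
"""
from dataclasses import dataclass
from typing import Any, List


@dataclass(frozen=True)
class Element:
    """A time-stamped primitive, context, state or pattern instance."""
    name: str       # e.g. "Pictures_Taken", "Camera_Usage", "Camera_Abuse"
    value: Any      # raw value, state label, or True for contexts/patterns
    start: int      # seconds
    end: int        # seconds, inclusive


# Assumed knowledge-base parameters (the security ontology would hold these).
MANY_APPS_THRESHOLD = 3     # >= 3 non-system apps hold the CAMERA permission
HIGH_USAGE_THRESHOLD = 5    # >= 5 pictures inside one 2-minute window
MAX_GAP = 30                # join same-valued states separated by <= 30 s


def create_contexts(e: Element) -> List[Element]:
    """Temporal context forming: open a context while a primitive holds."""
    if e.name == "Apps_With_Permission_Camera" and e.value >= MANY_APPS_THRESHOLD:
        return [Element("Many_Apps_With_Camera_Permission", True, e.start, e.end)]
    return []


def create_abstractions(e: Element) -> List[Element]:
    """Contemporaneous abstraction: map a raw count to a state label."""
    if e.name == "Pictures_Taken":
        label = "High" if e.value >= HIGH_USAGE_THRESHOLD else "Low"
        return [Element("Camera_Usage", label, e.start, e.end)]
    return []


def interpolate(states: List[Element]) -> List[Element]:
    """Temporal interpolation: merge adjacent same-valued state intervals."""
    merged: List[Element] = []
    for s in sorted(states, key=lambda x: x.start):
        if merged and merged[-1].value == s.value and s.start - merged[-1].end <= MAX_GAP:
            prev = merged.pop()
            s = Element(s.name, s.value, prev.start, max(prev.end, s.end))
        merged.append(s)
    return merged


def create_patterns(instances: List[Element]) -> List[Element]:
    """Temporal pattern matching: High Camera_Usage inside the Many_Apps context."""
    contexts = [i for i in instances if i.name == "Many_Apps_With_Camera_Permission"]
    high = [i for i in instances if i.name == "Camera_Usage" and i.value == "High"]
    alerts = []
    for c in contexts:
        for h in high:
            start, end = max(c.start, h.start), min(c.end, h.end)
            if start <= end:  # the two intervals overlap
                alerts.append(Element("Camera_Abuse", True, start, end))
    return alerts


def incremental_kbta(primitives: List[Element], events: List[Element]) -> List[Element]:
    """Mirror of the slide's loop: derive contexts and abstractions until no
    new instance appears, then interpolate states and match patterns."""
    instances = list(primitives) + list(events)
    seen = set(instances)
    new = list(instances)
    while new:                       # instances.hasNew()
        derived: List[Element] = []
        for e in new:
            derived += create_contexts(e) + create_abstractions(e)
        new = [d for d in derived if d not in seen]
        seen.update(new)
        instances += new
    states = interpolate([i for i in instances if i.name == "Camera_Usage"])
    others = [i for i in instances if i.name != "Camera_Usage"]
    return create_patterns(others + states)


def camera_scenario(apps_with_camera: int) -> List[Element]:
    """Constructed sample feed: one permission count over 5 minutes and three
    2-minute picture-count windows. Returns the Camera_Abuse alerts."""
    primitives = [
        Element("Apps_With_Permission_Camera", apps_with_camera, 0, 300),
        Element("Pictures_Taken", 1, 0, 120),
        Element("Pictures_Taken", 7, 120, 240),
        Element("Pictures_Taken", 6, 240, 360),
    ]
    return incremental_kbta(primitives, events=[])


if __name__ == "__main__":
    for alert in camera_scenario(apps_with_camera=4):
        print(f"{alert.name} from t={alert.start}s to t={alert.end}s")
```

With four camera-capable apps the two High windows are interpolated into one state interval (120–360 s) and the alert covers only its intersection with the context (120–300 s); with two apps no context forms, so the same picture activity raises no alert. That dependence on context is the point of the KBTA design: the raw picture count alone is not treated as abuse.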

KBTA-Processor – main classes (class diagram)
Processor classes: Ontology, Instance Container, Primitive, Event, Context, State, Trend, Pattern, Threat Assessor, Threat Assessment
External components the processor interacts with: Service, Agent, Threat Weighting Unit, NetProtect Control Center

Overview of User Interface (screenshots): Main screen, Settings screen, Alert screen

Overview of User Interface, continued (screenshots): Alert description, Alert handled

Task List
KBTA
- Context destructions: 19/05/ /05/09
- Trend: 21/05/ /05/09
- Pattern: 25/04/ /06/09
Other
- Settings screen: 01/06/ /06/09
- Sending elements to NetProtect: 06/06/ /06/09
- Testing: 08/06/ /06/09

End – Questions?