Neural Technology and Fuzzy Systems in Network Security Project Progress Group 2: Omar Ehtisham Anwar 2005-02-0129 Aneela Laeeq 2005-02-0023.


Neural Techniques
- IPS tools are based on static rules alone
- Neural Techniques seek to classify all new events and highlight those that appear most threatening
- Neural Techniques allow the security expert to be the final arbiter

The Neural Security Layer

Fuzzy Clustering
- Creates a baseline profile of the network in various states by “training” itself
- Establishes patterns and does not determine an exact profile of what a user does
- Uses algorithms that identify these patterns and separates clusters accordingly

Kernel Classifier
- Determines which existing cluster a new event most likely belongs to
- Classifies events according to how far away they are from the norm (any existing cluster)
- Events farthest away bubble to the top where administrators take manual action
- Uses algorithms based on non-linear distribution laws, which use statistics to track what happens over extended periods of time

Clusters
- A set of XML files that become model filters or knowledge base for the network resource being monitored
- The knowledge base is continually updated based on:
  - Results of day-to-day activities
  - Data from third-party sources, such as IDS signatures

Six Steps to Producing Security Intelligence
1) Designate Data: Data can be system log entries or any other raw or formatted measure of activity in the environment.
2) Model Analyst Expertise: The variables, weights, centers and pertinent event knowledge that comprise the analytic or data mining model are configured based on the specific analysis requirements and the unique attributes of the particular environment.
3) Train Model: The process of organizing the designated security data into multi-dimensional “event vectors” within the context of the analytic models. This establishes the baseline activity.
4) Generate Knowledge: Live or offline data is compared against the contents of the training baseline and classified accordingly.
5) Teach Model: User supervision and infusion of expert knowledge are essential to accurate event classification and system base-lining, and to filtering out non-threatening anomalous activity.
6) Leverage Knowledge: System output is invaluable for the real-time or offline analysis, detection and prevention of any type of potential internal or external criminal activity or system misuse.
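The train-then-classify loop described in "The Neural Security Layer" and in steps 3 and 4, as an added example that is not part of the original slides: fuzzy c-means builds the baseline clusters, and live events are ranked by distance to the nearest cluster so the farthest come first. The two features, the sample vectors and all function names are assumptions, and plain Euclidean distance stands in for the kernel classifier, whose algorithm the slides do not specify.

```python
import math

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def memberships(v, centers, m=2.0):
    """Fuzzy membership of event vector v in every cluster (sums to 1)."""
    d = [max(dist(v, c), 1e-9) for c in centers]  # clamp avoids divide-by-zero
    return [1.0 / sum((dk / dj) ** (2 / (m - 1)) for dj in d) for dk in d]

def train(vectors, centers, m=2.0, rounds=30):
    """Step 3 (train): fuzzy c-means refines the analyst-chosen centers."""
    for _ in range(rounds):
        u = [memberships(v, centers, m) for v in vectors]
        centers = [
            [sum(u[i][k] ** m * v[j] for i, v in enumerate(vectors))
             / sum(row[k] ** m for row in u)
             for j in range(len(vectors[0]))]
            for k in range(len(centers))
        ]
    return centers

def rank_events(events, centers):
    """Step 4 (generate knowledge): distance to nearest cluster, farthest first."""
    scored = [(min(dist(vec, c) for c in centers), name) for name, vec in events]
    return sorted(scored, reverse=True)

# Constructed baseline: (connections per minute, distinct destination ports).
BASELINE = [(10, 3), (12, 4), (11, 3), (9, 2),    # workstation-like activity
            (50, 8), (52, 9), (48, 7), (51, 8)]   # server-like activity
# Constructed live events to classify against the baseline.
LIVE = [("web-browse", (11, 3)), ("busy-server", (55, 9)),
        ("port-sweep", (30, 120))]

def demo():
    # Step 2: the analyst supplies the initial centers (here, two known hosts).
    centers = train(BASELINE, [list(BASELINE[0]), list(BASELINE[4])])
    return centers, rank_events(LIVE, centers)

if __name__ == "__main__":
    centers, ranked = demo()
    for score, name in ranked:
        print(f"{score:8.2f}  {name}")
```

The top of the ranked list is what step 5 hands to the administrator, whose verdict (threat or benign anomaly) would then be fed back into the baseline.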