An Agent-based Bayesian Forecasting Model for Enhancing Network Security J. PIKOULAS, W.J. BUCHANAN, Napier University, Edinburgh, UK. M. MANNION, Glasgow.


An Agent-based Bayesian Forecasting Model for Enhancing Network Security J. PIKOULAS, W.J. BUCHANAN, Napier University, Edinburgh, UK. M. MANNION, Glasgow Caledonian University, Glasgow, UK. K. TRIANTAFYLLOPOULOS, University of Warwick, UK.

Hacking methods:
IP spoofing.
Packet sniffing.
Password attack.
Sequence number prediction attacks.
Session hijacking attacks.
Shared library attacks.
Social engineering attacks.
Technological vulnerability attack.
Trust-access attacks.
(Two slides carry this list; their figures illustrate IP spoofing, packet sniffing, shared library attacks, social engineering and password attacks.)

Security programs:
Security enhancement software. Enhances the operating system's security.
Authentication and encryption software. Such as Kerberos, RSA, and so on.
Security monitoring software.
Network monitoring software.
Firewall software and hardware.
(Figures: a firewall; encryption and authentication; a security enhancement layer sitting on top of the operating system. The public-key figure shows the user's public key being used to encrypt the data (INFO to ENCR) and the user's private key being used to decrypt it (ENCR back to INFO).)

Problems with existing security methods:
Centralized. They tend to be based on a central server, which can itself become the target of an attack.
No real-time response. They tend not to be able to respond to events as they occur, and rely on expert filtering.
No ability to foresee events.
(Figure: denial-of-service against a centralized design, with a firewall, a central server and central storage. Centralized security can invite attacks because the central resource becomes the focus of attack: many external accesses eventually reduce the accessibility of the server, as happened to Yahoo.com, eBay, Amazon, CNN, ZDNet and Excite in February 2000.)
Financial losses (2000/01):
1. Virus (70%).
2. Net abuse (45%).
3. Laptop theft (45%).
4. Denial of service (21%).
5. Unauthorized access (16%).
6. System penetration (14%).
7. Sabotage (12%).

Agent-based distributed security system:
Agents work independently of the server. This reduces the workload on the server, and also the dependency on it.
Agents download the user profile from the server. The agents can then learn the profile of the user and update it when the user logs out.
Agents can be responsible for security.
(Figure: the distributed agent-based design contrasted with the centralized one.)

Agent-based distributed security system with forecasting (figure). The cycle shown: the core agent sends forecasting information to the user agent; the user agent monitors current usage and compares it with the forecast; the agent reports any changes in behaviour; when the user logs off, the user agent updates the forecasting model and returns the updated model (the user profile) to the core agent.

Agent environment topology:
Sensor. Monitors software applications.
Transmitter. Sends information to the server.
Profile reader. Reads the user's historical profile.
Comparator. Compares the user's history with the information read by the sensor.

Traditional forecasting methods compared with Bayesian forecasting (figure).

Prediction model:
Observation stage. In this stage the model monitors the user and records their behaviour.
Evaluation stage. In this stage the model makes a prediction, monitors the user's actual actions, and calculates the result. This stage is critical, because the model modifies itself according to the environment in which it operates.
One-step prediction. In this stage the model makes a single-step prediction. For example, assume that the user has logged in 15 times, the model is configured, and it is ready to start predicting the user's moves. Instead of making a five- or ten-step prediction, like other mathematical models, our model makes a prediction only for the next step. When the user next logs in and out, the model takes the user's actual behaviour, compares it with the one-step prediction it made before, and calculates the error. So the next prediction made for this user also includes the data of the latest user behaviour. With this procedure we maximise the accuracy of the prediction system.

Prediction parameters:
n – window size.
z – prediction number.
t – time unit.
Sample parameters: n = 15, z = 5, t = 1 hr.
(Figure: forecasting calculation.)
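As an added illustration, not the authors' code (the slides show no implementation), the following Python sketch runs the observation, evaluation and one-step prediction stages described above with the sample parameters n = 15 and t = 1 hour. Everything else is an assumption made for the example: the monitored quantity (application launches per hour), the Normal model with a known observation variance and its conjugate Normal-Normal update, the reading of z as the number of successive one-step predictions, the flag threshold of three predictive standard deviations, the rule of not learning from flagged sessions, and the constructed sample data. The paper's own model is matrix-variate Bayesian forecasting, which this scalar sketch does not reproduce; it only shows the forecast / compare / error / update loop.

```python
"""Added example: one-step-ahead Bayesian forecasting of a per-user usage
measure, written for this page and not taken from the authors.

Assumptions not present in the slides: the monitored quantity is the number
of application launches per time unit t (t = 1 hour), modelled as Normal
with a known observation variance; the user profile is a Normal prior over
the user's typical rate, updated by the Normal-Normal conjugate rule after
each login; flagged sessions are not learned from; the 3-sigma threshold
and the sample data are arbitrary constructions."""
from dataclasses import dataclass
from math import sqrt

N_WINDOW = 15    # n: past logins used to build the initial profile (slide value)
Z_STEPS = 5      # z: successive one-step predictions run here (assumed meaning)
OBS_VAR = 4.0    # assumed known variance of a single hourly observation


@dataclass(frozen=True)
class Profile:
    mean: float   # current estimate of the user's typical launches per hour
    var: float    # uncertainty (variance) of that estimate


def fit_profile(history):
    """Observation stage (profile reader): prior built from the last n logins."""
    window = list(history)[-N_WINDOW:]
    n = len(window)
    m = sum(window) / n
    s2 = sum((x - m) ** 2 for x in window) / (n - 1)   # sample variance
    return Profile(mean=m, var=s2 / n)                  # variance of the mean


def forecast(profile):
    """One-step prediction: mean and variance of the next observation."""
    return profile.mean, profile.var + OBS_VAR


def update(profile, x):
    """Evaluation stage: conjugate Normal-Normal posterior after observing x."""
    post_var = 1.0 / (1.0 / profile.var + 1.0 / OBS_VAR)
    post_mean = post_var * (profile.mean / profile.var + x / OBS_VAR)
    return Profile(post_mean, post_var)


def step(profile, observed, k=3.0, learn_on_anomaly=False):
    """One login cycle (comparator): compare the actual value with the
    forecast, flag it if it lies outside k predictive standard deviations,
    and return (new_profile, error, anomalous)."""
    f_mean, f_var = forecast(profile)
    error = observed - f_mean
    anomalous = abs(error) > k * sqrt(f_var)
    if anomalous and not learn_on_anomaly:
        # Keep the old profile so an intruder's session cannot retrain it.
        return profile, error, anomalous
    return update(profile, observed), error, anomalous


def run(history, new_observations):
    """Build the profile from history, then run z one-step predictions over
    the new observations. Returns the final profile and a per-step report
    (what the transmitter would send back to the core agent)."""
    profile = fit_profile(history)
    report = []
    for observed in new_observations[:Z_STEPS]:
        profile, error, anomalous = step(profile, observed)
        report.append({"observed": observed, "error": round(error, 2),
                       "anomalous": anomalous})
    return profile, report


# Constructed sample data: launches per hour over 15 past logins, then 5 new logins.
HISTORY = [9, 11, 10, 12, 8, 10, 11, 9, 10, 12, 10, 9, 11, 10, 10]
NEW_LOGINS = [11, 10, 12, 30, 9]

if __name__ == "__main__":
    final, report = run(HISTORY, NEW_LOGINS)
    for entry in report:
        print(entry)
    print(f"profile mean={final.mean:.2f} var={final.var:.4f}")
```

Each new login is scored against the forecast made from everything seen before it, and the profile is refreshed only with sessions that looked normal, so a single outlying session (the 30 launches per hour above) is reported without shifting the user's baseline.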

Intervention. Useful in responding to exceptional data, such as when there is not enough data about a user.

Bayesian mathematics: As the following equation shows, we introduce a parameter matrix and a random matrix with a left variance matrix and a right variance matrix.

Conclusions:
Fast and simple model. It requires less preparation than other models.
Provides good prediction results.
Requires very little storage of user activity.
Small increase in CPU processing. Only a 1-2% increase in CPU processing has been measured.
The model learns from very few initial settings. Other models require some initial parameter settings to make them work well.