Who am I? Brian E. Lavender Computer Science Legislative Data Center (Work)


Custom rules to identify attacks SNORT Experience

Statistical Packet Anomaly Detection Engine SNORT Plugin. Disappeared!!!

MS Project – What to do? Network Security Artificial Intelligence

Nprobe (Luca Deri) Genetic Algorithm Paper (Ren Hui Gong) NetGA Integration and further development (Me!)

How the Genetic Algorithm Works! Training Data

Training Data

DARPA Training Data Source

Make Rules that Match only attacks (Orange)! Training Data

Individual Chromosome

Individual Evolution

Individual Elitism New Population Old Population Clone Two best of each attack Type

Individual Crossover. Making Children

Individual Mutation Only happens on rare occasions

Individuals Start!
00,-1,-1 exec guess Fitness
,-1,02 ftp guess Fitness
,-1,-1 exec guess Fitness
,-1,02 ftp guess Fitness
,01,42 ftp rcp Fitness
,01,23 rlogin rcp Fitness
,01,57 smtp port-scan fitness

Individuals Finish!
00,00,14 rlogin rsh fitness is
,00,14 rlogin rsh fitness is
,00,04 rlogin port-scan fitness is
,-1,23 telnet guess fitness is
,-1, port-scan fitness is
,-1, port-scan fitness is
,-1,23 telnet guess fitness is
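
The evolution loop outlined on the slides above (elitism that clones the two best rules of each attack type, crossover, rare mutation), as an added sketch that is not the presenter's NetGA code. It assumes a four-gene rule (duration hh, mm, ss and service), reads -1 as a wildcard, and uses a constructed training set and an assumed fitness function.

```python
import random
WILD = -1  # wildcard gene (assumption: how "-1" in the slide's individuals is read)
# Constructed training records: (hh, mm, ss, service, label); "normal" is benign.
TRAIN = [
    (0, 0, 14, "rlogin", "rsh"), (0, 0, 14, "rlogin", "rsh"),
    (0, 0, 23, "telnet", "guess"), (0, 1, 23, "telnet", "guess"),
    (0, 0, 14, "ftp", "normal"), (0, 2, 5, "telnet", "normal"),
    (0, 0, 9, "rlogin", "normal"), (0, 5, 40, "smtp", "normal"),
]
ATTACKS = sorted({r[4] for r in TRAIN} - {"normal"})

def matches(genes, rec):
    # A rule fires when every non-wildcard gene equals the record's field.
    return all(g == WILD or g == v for g, v in zip(genes, rec[:4]))

def fitness(ind):
    # Assumed fitness: hit rate on own attack type minus match rate on all other records.
    genes, attack = ind
    own = [r for r in TRAIN if r[4] == attack]
    other = [r for r in TRAIN if r[4] != attack]
    return (sum(matches(genes, r) for r in own) / len(own)
            - sum(matches(genes, r) for r in other) / len(other))

def best_fitness(pop):
    return {a: max(fitness(i) for i in pop if i[1] == a) for a in ATTACKS}

def next_generation(pop, domains, rng, p_mut):
    new = []
    for attack in ATTACKS:
        ranked = sorted((i for i in pop if i[1] == attack), key=fitness, reverse=True)
        new += ranked[:2]                       # elitism: clone the two best
        for _ in range(len(ranked) - 2):
            mum, dad = rng.sample(ranked[:len(ranked) // 2], 2)
            cut = rng.randrange(1, 4)           # single-point crossover
            genes = mum[0][:cut] + dad[0][cut:]
            if rng.random() < p_mut:            # mutation only on rare occasions
                k = rng.randrange(4)
                genes[k] = rng.choice(domains[k])
            new.append((genes, attack))
    return new

def evolve(generations=30, size=24, p_mut=0.05, seed=7):
    rng = random.Random(seed)
    domains = [[WILD] + sorted({r[i] for r in TRAIN}) for i in range(4)]
    pop = [([rng.choice(d) for d in domains], ATTACKS[k % len(ATTACKS)]) for k in range(size)]
    history = [best_fitness(pop)]
    for _ in range(generations):
        pop = next_generation(pop, domains, rng, p_mut)
        history.append(best_fitness(pop))
    return pop, history
```

Because the elite rules are copied unchanged, the best fitness per attack type in `history` can never decrease from one generation to the next.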

NetGA Plugin matches connection pool In nProbe. nProbe Layout

nProbe code Development and Testing
Dummy Interface
# modprobe dummy0
# ifconfig dummy
TCP Replay
# tcpreplay -i dummy0 sample_data01.tcpdump
Run nProbe
# nprobe -i dummy0 --netGA=

NetGA Isaac Newton