Client: The Boeing Company. Contact: Mr. Nick Multari. Adviser: Dr. Thomas Daniels. Group 6: Steven Bromley, Jacob Gionet, Jon McKee, Brandon Reher.

Problem Statement
- Research and validate existing algorithms, tools, and systems that can detect unauthorized data access and data movement. This survey is limited to open source and freely available solutions that address the problem.
- Develop our own toolset and algorithm that uses a user profile to detect unauthorized or abnormal data access and data movement.

Conceptual Sketch

Functional Requirements
- Shall make use of pre-existing technologies
- Shall take input from a variety of sources and systems
- Shall correlate and filter relevant data
- Shall alert when malicious activity is discovered
- Shall have a system to provide notifications on alerts
- Shall contain an algorithm that decides whether an attack is being committed

Non-functional Requirements
- Shall have a low false-positive rate
- Shall be inconspicuous to the malicious user
- Shall provide alerts in a timely manner
- The product shall abide by all licenses of the open source software utilized

Technical Constraints & Considerations
- The product shall be scalable to a network of up to 1000 machines
- The product shall have a low false-positive rate
- Data shall be obtained from Cyber Defense Competitions
- Data shall be obtained from activity scripts

Literature Survey
- Insider Threat Prediction Tool: Evaluating the probability of IT misuse
- Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
- Composite Role-Based Monitoring (CRBM) for Countering Insider Threats

Potential Risks & Mitigation

Risk: No simulation data is found
Mitigation: Write activity scripts; continue the search for data

Risk: High false-positive results
Mitigation: Continue to refine the decision algorithm

Risk: Malicious attacks are missed
Mitigation: Continue to refine the filtering algorithm

Time Estimate

Resource Estimate

Item                      Team Hours   Cost
Research Materials        180          $0
Dell PowerEdge T410 (8)   8            $6,392
Linux Red Hat             10           $350
NetBSD                    10           $0
Splunk                    3            $0
Ettercap                  3            $0
Apache                    2            $0
MySQL                     2            $0
PHP                       2            $0
Totals                    220          $6,742

Item                      W/O Labor    W/ Labor
Research Materials        $0           $3,600
Dell PowerEdge T410 (8)   $6,392       $6,572
Linux Red Hat             $350         $550
NetBSD                    $0           $200
Splunk                    $0           $60
Ettercap                  $0           $60
Apache                    $0           $20
MySQL                     $0           $40
PHP                       $0           $20
Algorithm                 N/A          $6,000
Totals                    $6,742       $17,122

Project Milestones and Schedule

Milestone: Research options for threat detection
Completion criterion: Choice made on which methods will be used in the product

Milestone: Equipment has proper systems
Completion criterion: All the systems of a LAMP architecture are installed on the machines allocated to the group

Milestone: Data is obtained
Completion criterion: Group has large amounts of data that contain both outside and inside malicious attacks

Functional Decomposition
- Log Analyzer: Gather logs from the different systems installed on the network, convert them to a standard format, and store them in a central repository
- Network Analyzer
- Profiling Algorithm: Profile the log information, look for anomalies in user profile activity, and raise alerts when malicious activity is detected
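The Log Analyzer and Profiling Algorithm stages described above, as an added example that is not the team's code: two raw log formats (an sshd-style auth log and a file-server access log, both constructed here) are normalized into one record shape, a per-user baseline is built from the first two days, and each later record is scored by how many ways it deviates from that baseline. The host names, users, paths and the "two deviations" alert threshold are all assumptions made for the example.

```python
"""Added example, not the team's code: a Log Analyzer step (normalize two raw log formats
into one record shape) feeding a Profiling Algorithm step (per-user baseline, deviation
scoring, alert on enough deviations). Logs, names and the alert threshold are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sources: an sshd-style auth log and a file-server access log.
AUTH_LOG = """\
2011-02-01 09:02:11 ws01 sshd: Accepted password for alice from 10.0.1.5
2011-02-01 09:15:40 ws02 sshd: Accepted password for bob from 10.0.1.6
2011-02-02 08:58:03 ws01 sshd: Accepted password for alice from 10.0.1.5
2011-02-03 02:14:09 ws07 sshd: Accepted password for alice from 10.0.2.9
"""
FILE_LOG = """\
2011-02-01T09:10:00 fs01 user=alice action=read path=/projects/a/spec.doc
2011-02-01T09:12:00 fs01 user=alice action=read path=/projects/a/plan.xls
2011-02-01T09:20:00 fs01 user=bob action=read path=/projects/b/budget.xls
2011-02-02T09:05:00 fs01 user=alice action=read path=/projects/a/notes.txt
2011-02-03T02:20:00 fs01 user=alice action=read path=/hr/salaries.xls
2011-02-03T02:21:00 fs01 user=alice action=read path=/hr/reviews.doc
2011-02-03T07:55:00 fs01 user=alice action=read path=/projects/a/new.doc
2011-02-03T09:00:00 fs01 user=alice action=read path=/projects/a/status.txt
2011-02-03T09:30:00 fs01 user=bob action=read path=/projects/b/memo.doc
"""

AUTH_RE = re.compile(r"^(\S+ \S+) (\S+) sshd: Accepted \w+ for (\S+) from (\S+)$")
FILE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) action=(\S+) path=(\S+)$")


def normalize(line):
    """Log Analyzer: map one raw line from either source to the common record
    {ts, user, host, src, action, path}; return None for lines it cannot parse."""
    m = AUTH_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                "user": m.group(3), "host": m.group(2), "src": m.group(4),
                "action": "login", "path": None}
    m = FILE_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"),
                "user": m.group(3), "host": m.group(2), "src": None,
                "action": m.group(4), "path": m.group(5)}
    return None


def parse_logs(*texts):
    """Normalize every line of every source and order the result by time."""
    recs = (normalize(line) for t in texts for line in t.splitlines() if line.strip())
    return sorted((r for r in recs if r), key=lambda r: r["ts"])


def top_dir(path):
    """First path component: the unit of 'where does this user usually work'."""
    parts = path.strip("/").split("/")
    return "/" + parts[0] if parts and parts[0] else "/"


def build_profiles(records):
    """Per-user baseline: hosts and source IPs seen, hours of activity, top-level dirs."""
    profiles = defaultdict(lambda: {"hosts": set(), "srcs": set(), "hours": set(), "dirs": set()})
    for r in records:
        p = profiles[r["user"]]
        p["hosts"].add(r["host"])
        p["hours"].add(r["ts"].hour)
        if r["src"]:
            p["srcs"].add(r["src"])
        if r["path"]:
            p["dirs"].add(top_dir(r["path"]))
    return profiles


def score(record, profile):
    """Deviations of one record from its user's baseline (empty list = normal)."""
    checks = [
        ("new host", record["host"] not in profile["hosts"]),
        ("new source ip", bool(record["src"]) and record["src"] not in profile["srcs"]),
        ("off-hours", record["ts"].hour not in profile["hours"]),
        ("new directory", bool(record["path"]) and top_dir(record["path"]) not in profile["dirs"]),
    ]
    return [name for name, hit in checks if hit]


def detect(baseline_records, new_records, min_reasons=2):
    """Profiling Algorithm: alert when a record deviates in at least min_reasons ways
    (assumed threshold). A user with no baseline at all is always reported."""
    profiles = build_profiles(baseline_records)
    alerts = []
    for r in new_records:
        if r["user"] not in profiles:
            alerts.append((r, ["unknown user"]))
            continue
        reasons = score(r, profiles[r["user"]])
        if len(reasons) >= min_reasons:
            alerts.append((r, reasons))
    return alerts


def run_example():
    """Profile on the first two days of the constructed logs, then score the third day."""
    records = parse_logs(AUTH_LOG, FILE_LOG)
    cutoff = datetime(2011, 2, 3)
    baseline = [r for r in records if r["ts"] < cutoff]
    new = [r for r in records if r["ts"] >= cutoff]
    return detect(baseline, new)
```

Calling `run_example()` returns three alerts, all for alice on the third day: the 02:14 login from a new host and source address, and the two night-time reads under /hr, a directory she had never touched. The 07:55 read of her usual project directory deviates in only one way (off-hours) and is suppressed by the threshold; bob's morning read from his usual place is not reported at all. `min_reasons` is the knob that trades the "low false-positive rate" requirement against the "miss malicious attacks" risk, and the baseline window is the other: a profile built from too few days will call ordinary behaviour new.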

Functional Modules

Interface Definition

User Interface
- Installation Interface: Trusted administrators will have an initial interface in which they enter the trusted users and the access control lists
- Runtime Interface: Normal users will have no interface to the system
- Alert Interface: Trusted administrators will view alert details in the form of a message sent to the trusted-administrator list

Hardware Platform

Hardware Platform (cont.)
- Dell machines were profiled for the market survey due to their high market presence

Software Platform

Operating Systems:
- NetBSD
- Red Hat Enterprise Linux (RHEL) Version 6.0
System Libraries:
- Apache
- MySQL
- PHP
Third-Party Software:
- Ettercap
- Snort
- Splunk

Test Plan - Environment
- Located on ISEAGE-provided computers
- Consists of a small-scale network designed to represent a scaled-down version of a generic enterprise network
- Focus is on the intranet traffic

Test Plan - Design

Scenario 1: Network Traffic
Procedure:
- Create controlled traffic on the network.
- Compare the captured packets with the traffic created to determine whether entire traffic sequences were captured.

Scenario 2: Log Gathering
Procedure:
- Manually start the log gathering system to gather a known set of logs from predefined locations.
- Compare the logs retrieved with the logs in the source location to determine whether all logs were successfully collected.

Test Plan - Design (cont.)

Scenario 3: Entire System
Procedure:
- Script various activity types, including malicious and legitimate activity.
- Monitor the generated alerts to verify that malicious and suspicious activities are the only events reported.
- Measure the response time from activity to alert report.

Scenario 5: Alert System
Procedure:
- Input the alert flag / trigger to the system to create an alert.
- Monitor the reporting mechanism to verify that the alert is created successfully.
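Scenario 3 only yields the numbers the non-functional requirements ask for (low false-positive rate, timely alerts) if the scripted activity carries ground-truth labels and each alert can be tied back to the scripted event that caused it. The scoring below is an added example and not the team's test harness: the activity script, the alert records and the 60-second alert deadline are constructed assumptions; the event ids are assumed to be carried through into the alerts by the activity scripts.

```python
"""Added example, not the team's test harness: scoring one Scenario 3 run against the
activity script's ground truth. The script, the alert records and the 60 s alert
deadline are constructed assumptions."""
from datetime import datetime, timedelta

# Constructed activity script: (event id, start time, ground-truth label).
SCRIPT = [
    ("a1", "2011-02-03 09:00:00", "legit"),
    ("a2", "2011-02-03 09:05:00", "legit"),
    ("a3", "2011-02-03 09:10:00", "malicious"),
    ("a4", "2011-02-03 09:20:00", "legit"),
    ("a5", "2011-02-03 09:30:00", "malicious"),
    ("a6", "2011-02-03 09:40:00", "legit"),
]
# Constructed alert log: (scripted event the alert points at, time it was reported).
ALERTS = [
    ("a3", "2011-02-03 09:10:45"),
    ("a4", "2011-02-03 09:21:10"),   # legitimate activity reported: a false positive
    ("a3", "2011-02-03 09:12:00"),   # second alert for an already-reported event
    ("zz", "2011-02-03 09:50:00"),   # alert that matches no scripted event
]


def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def evaluate(script, alerts, deadline=timedelta(seconds=60)):
    """Detection rate, false-positive rate and alert latency for one scripted run.
    Only the first alert per event counts; alerts naming no scripted event are
    listed separately so they are neither silently dropped nor double-counted."""
    start = {eid: _t(ts) for eid, ts, _ in script}
    label = {eid: lab for eid, _, lab in script}
    first_alert = {}
    unmatched = []
    for eid, ts in alerts:
        if eid not in start:
            unmatched.append(eid)
            continue
        t = _t(ts)
        if eid not in first_alert or t < first_alert[eid]:
            first_alert[eid] = t
    malicious = [e for e in label if label[e] == "malicious"]
    legit = [e for e in label if label[e] == "legit"]
    detected = [e for e in malicious if e in first_alert]
    missed = [e for e in malicious if e not in first_alert]
    false_positives = [e for e in legit if e in first_alert]
    # Response time from scripted activity to its first alert, per detected event.
    latencies = {e: (first_alert[e] - start[e]).total_seconds() for e in detected}
    return {
        "detected": detected,
        "missed": missed,
        "false_positives": false_positives,
        "unmatched_alerts": unmatched,
        "detection_rate": len(detected) / len(malicious) if malicious else 1.0,
        "false_positive_rate": len(false_positives) / len(legit) if legit else 0.0,
        "worst_latency_s": max(latencies.values(), default=0.0),
        "within_deadline": all(v <= deadline.total_seconds() for v in latencies.values()),
    }
```

On the constructed run, `evaluate(SCRIPT, ALERTS)` reports one of two malicious events detected (a5 missed), one of four legitimate events falsely reported (a4), a worst-case latency of 45 seconds, and one alert that points at nothing in the script. The missed event and the unmatched alert are the two results a test run should never hide: the first is the "miss malicious attacks" risk made measurable, the second usually means the alert pipeline lost the correlation key.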

Current Project Status

Machine Setup
- Basic installation complete
- Non-interference with ISU network
Data Detection Method
- Location of data sources
- Literature & market survey
Profiling Algorithm

Task Responsibility

Plan for Next Semester
- Setup and configuration of toolset
- Develop profiling algorithm: transform the abstract algorithm into a concrete program
- Testing and modifications: extensive testing of components to ensure proper results are obtained
- Compile report of successes and failures