Automatic Detection of Emerging Threats to Computer Networks Andre McDonald.

Slides:



Advertisements
Similar presentations
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Advertisements

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
1 MIS 2000 Class 22 System Security Update: Winter 2015.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Security+ Guide to Network Security Fundamentals
IDS/IPS Definition and Classification
Intrusion Detection Systems and Practices
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
NETWORK SECURITY.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Department Of Computer Engineering
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
Norman SecureSurf Protect your users when surfing the Internet.
Unit 4 – Impact of the use of IT on Business Systems.
1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.
B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel
Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Hacker Zombie Computer Reflectors Target.
IIT Indore © Neminah Hubballi
IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.
Enhancing the Security of Corporate Wi-Fi Networks using DAIR PRESENTED BY SRAVANI KAMBAM 1.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
23-aug-05Intrusion detection system1. 23-aug-05Intrusion detection system2 Overview of intrusion detection system What is intrusion? What is intrusion.
--Harish Reddy Vemula Distributed Denial of Service.
1 The New Security Blueprint : Challenges & Opportunities Ajay Goel, Managing Director, Symantec India & SAARC Sept 1, 2011.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Automatically Generating Models for Botnet Detection Presenter: 葉倚任 Authors: Peter Wurzinger, Leyla Bilge, Thorsten Holz, Jan Goebel, Christopher Kruegel,
HIPS Host-Based Intrusion Prevention System By Ali Adlavaran & Mahdi Mohamad Pour (M.A. Team) Life’s Live in Code Life.
A System for Denial-of- Service Attack Detection Based on Multivariate Correlation Analysis.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Intrusion Detection System (IDS) Basics LTJG Lemuel S. Lawrence Presentation for IS Sept 2004.
Intrusion Detection Reuven, Dan A. Wei, Li Patel, Rinku H.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Chap1: Is there a Security Problem in Computing?.
Cryptography and Network Security Sixth Edition by William Stallings.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.
Intrusion Detection System
A threat to global security and economy Koushik Mannepalli CMPE 294.
Wireless Intrusion Detection & Response ECE 4006 Group 2: Seng Ooh Toh Varun Kanotra Nitin Namjoshi Yu-Xi Lim.
1 Monitoring and Early Warning for Internet Worms Authors: Cliff C. Zou, Lixin Gao, Weibo Gong, Don Towsley Univ. Massachusetts, Amherst Publish: 10th.
Role Of Network IDS in Network Perimeter Defense.
Anomaly Detection. Network Intrusion Detection Techniques. Ştefan-Iulian Handra Dept. of Computer Science Polytechnic University of Timișoara June 2010.
IS3220 Information Technology Infrastructure Security
IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.
Palindrome Technologies all rights reserved © 2016 – PG: Palindrome Technologies all rights reserved © 2016 – PG: 1 Peter Thermos President & CTO Tel:
Computer Forensics. OVERVIEW OF SEMINAR Introduction Introduction Defining Cyber Crime Defining Cyber Crime Cyber Crime Cyber Crime Cyber Crime As Global.
Using Honeypots to Improve Network Security Dr. Saleh Ibrahim Almotairi Research and Development Centre National Information Centre - Ministry of Interior.
DOWeR Detecting Outliers in Web Service Requests Master’s Presentation of Christian Blass.
Some Great Open Source Intrusion Detection Systems (IDSs)
Securing Information Systems
Chapter 40 Internet Security.
Securing Information Systems
Deployment Planning Services
Securing Information Systems
A survey of network anomaly detection techniques
12/5/2018 2:50 AM How to secure your front door with real-time risk assessments of your logons Jan Ketil Skanke COO and Principal Cloud Architect CloudWay.
INFORMATION SYSTEMS SECURITY and CONTROL
Intrusion Detection system
Identifying Slow HTTP DoS/DDoS Attacks against Web Servers DEPARTMENT ANDDepartment of Computer Science & Information SPECIALIZATIONTechnology, University.
Using Software Restriction Policies
Presentation transcript:

Automatic Detection of Emerging Threats to Computer Networks Andre McDonald

Overview of presentation The cybercrime problem –Background –Cybercrime in South Africa –Network vulnerabilities Network intrusion detection –The need for network intrusion detection –Network intrusion detection systems –Anomaly detection techniques CSIR research and development –Time series detection –Network intrusion detection software platform

The Cybercrime Problem

Background Cybercrime is any crime in which a computer is the object of the crime, or is used as a tool to commit an offence. Examples Fraud and financial crimes Identity theft and theft of classified information With a global impact of $388 bn per year, cybercrime is bigger than the global black market in marijuana, cocaine and heroin combined ($288 bn), and more than 100 times the annual expenditure of UNICEF ($3.7 bn).

Cybercrime in South Africa Challenges in the local context SMMEs with small ICT budgets Local skills shortage and lack of awareness 2014 statistics for cybercrime in South Africa Estimated cost to SA companiesR 5.8 billion, 0.14% GDP Average delay in detecting breach200 days Online adult South Africans exposed to cybercrime 55% Global ranking in cybercrime exposure3 rd, after Russia and China Estimated rate of “phishing” attacks1 in 215 messages

Network vulnerabilities Cybercrime frequently involves illegitimate access to networked computer systems, or their abuse Networked systems are vulnerable –Weak passwords –Mobile devices and BYOD policies –Outdated software and misconfiguration –Unencrypted transmission of information Emerging threats and previously unobserved attacks are of particular concern –Rapid threat propagation and slow reaction –Threat signatures unavailable or not up to date

Network Intrusion Detection

The need for network intrusion detection Automatic detection of network intrusions is required as an additional security layer Timely detection and blocking of intrusions in their early phases may limit the scope of the damage

Network intrusion detection systems Network Intrusion Detection Systems (NIDS): Hardware or software systems for automatically detecting intrusions in computer networks

Detection approaches Misuse detection Select predefined signatures of known malicious traffic patterns Compare observed traffic to signatures Low false positive rate, but cannot detect previously unobserved attacks Anomaly detection Construct models of legitimate traffic patterns Observed traffic that deviates from models are tagged as malicious Can detect certain previously unobserved attacks, but typically exhibits high false positive rates

Anomaly detection techniques Statistical techniques Univariate / multivariate models Time series detection –Filtering and thresholding Machine learning techniques Supervised learning –SVMs, neural networks Unsupervised learning –Clustering, outlier detection

Anomaly detection techniques Statistical techniques Adaptive and online model construction Can potentially be trained by attacker Rapid detection implies more false positives Machine learning techniques Ability to detect more intricate attacks Heavy data pre-processing burden Supervised learning requires labelled data Accuracy Speed ` Machine learning tech. Statistical tech.

CSIR Research and Development

CSIR anomaly detection research and development Statistical time series based detectors Two-stage detection Multi-resolution detection Unsupervised machine learning based detectors Unsupervised feature selection to address lack of labelled data Network intrusion detection software platform development Deployment and configuration of sensors and detectors Monitoring of network traffic patterns Incident logging and analysis Suppression of false positives

Time series detection: Example

Time series detection: Proposed two-stage detector Second stage performs finer-grained detection to suppress false positives Second stage algorithm triggers only upon threshold crossing in first stage detector Candidate algorithms for stage 2: –Spectral-based detector –Inter-arrival time detector Conventional time series detection Finer-grained detection Stage 1 Stage 2

Time series detection: Proposed two-stage detector Left window density estimation Right window density estimation Divergence metric calculation Thresholding

Time series detection: Experimental work Detection of denial-of-service attack against web server Corporate network with compromised workstations Compromised workstation floods web server with requests, denying legitimate users access to the website

Time series detection: Experimental work

Time series detection: Experimental work StageAlgorithm / ParameterValue 1DetectionExponentially-weighted moving average 1Bin width2 seconds 2Density estimationGaussian kernel, Silverman’s heuristic over logarithm of request interarrival time 2Divergence metricSymmetric Kullback-Leibler divergence 2Window width31 requests

Time series detection: Experimental results

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.