10/1/2007 Automatic Evaluation of Intrusion Detection Systems. F. Massicotte, F. Gagnon, Y. Labich, L. Briand, Computer Security Applications Conference.

Presentation transcript:

Slide 1: Automatic Evaluation of Intrusion Detection Systems. F. Massicotte, F. Gagnon, Y. Labich, L. Briand, Computer Security Applications Conference, ACSAC '06, pp , Presented by: Lei WEI

Slide 2: Summary
1. Proposed a strategy that evaluates Intrusion Detection Systems (IDS) automatically and systematically.
2. Evaluated two well-known IDS programs, Snort and Bro 0.9a9, using this new strategy.
3. Proposed a 15-class taxonomy for test results.

Slide 3: Appreciative Comment: Automation
This is an automatic IDS evaluation system. Because of the automation, it is possible to efficiently and systematically create a large amount of sample data:
"We use 124 VEP (covering a total of 92 vulnerabilities) and 108 different target system configurations" (Automatic Evaluation of Intrusion Detection Systems)
"38 different attacks were launched against victim UNIX hosts in seven weeks of training data and two weeks of test data." (Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation)

Slide 4: Critical Comment 1. Complicated classification
Each collected traffic trace belongs to one of the four types TP, TN, FP and FN. Based on the types of all traces collected from the IDS evaluation tests, the authors suggest a 15-class taxonomy for IDSes, with classes such as alarmist, quiet, quiet and complete detection, complete evasion, etc. This makes the evaluation complicated and confusing:
- It is hard to remember all the class names.
- Is "quiet and complete detection" a subclass of "quiet"? No!
I prefer a statistical way, calculating the following two ratios, (, ), from which we know the percentage of attacks being detected and the percentage of wrong alarms.

Slide 5: Critical Comment 2. Confusing diagrams
In this paper, the two diagrams, Figure 5 and Figure 1, and the related descriptions used to represent the working process of the whole system are not clear enough.
(a) A title should be "... an effective guide for scientists rapidly scanning lists of titles for information relevant to their interests." (Scientific writing for graduate students: a manual on the teaching of scientific writing, edited by F. Peter Woodford. New York: Rockefeller University Press, ) However, neither the title nor the text clearly explains the meaning of the numbers in Figure 5.

Slide 6: Critical Comment 2. Confusing diagrams (continued)
(b) Although the article describes the steps listed in Figure 1, the diagram itself makes it harder to understand the structure and working process of the system. Its title is "Virtual network infrastructure", but the figure covers more than that: it does not only represent the virtual network infrastructure, it also shows the working process of the subsystem.

Slide 7: Working process of the Automatic IDS Evaluation system
The system can be divided into two subsystems:
1. The attack simulation and data collection system
2. The IDS Evaluation Framework

Slide 8: 1. Attack simulation and data collection system
Script Generation: 1. Choose the Vulnerability Exploitation Program (VEP). 2. Choose the configuration of the target system (e.g. IDS).
Set up Virtual Network.
Set up Attack Script: provide the virtual attacking machine with the proper attack configuration (e.g. whether to apply IDS evasion techniques).
Execute Attack.
Data Set: 1. Capture the attack traffic traces. 2. Document the traffic traces.
Restore: 1. Save the traffic traces and IDS alarms on the shared hard drive. 2. Restore the virtual attacker and target machines to their initial state.

Slide 9: 2. IDS Evaluation Framework
Components: Data Set, IDS Evaluator, IDS, IDS Result Analyzer, Report.
1. The IDS Evaluator takes the documented traffic traces from the Data Set.
2. The IDS Evaluator provides the traffic traces to each tested IDS.
3. The two groups of data sets are compared to determine whether the IDS detection succeeded.
4. The collected IDS alarms are fetched by the IDS Result Analyzer.
5. The evaluation report is generated.

Slide 10: Question
This paper evaluated two open source IDSes with the new strategy. However, many IDSes have patent or copyright protection, and their creators would never reveal the weak points of their products. Is it ethical or illegal to publish the evaluations of IDS programs so that others can know the truth?

Slide 11: The End

Slide 12: The 15-class taxonomy (Supplement)

Slide 13: Document traffic traces (Supplement)
Each traffic trace is documented by four characteristics:
1. Target system configuration
2. VEP configuration
3. Whether or not the VEP exploited the vulnerability of the target system
4. Whether or not the attack was successful
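The per-trace TP/TN/FP/FN labelling from slide 4 and the four-characteristic trace documentation above, combined into a small evaluator that computes the two ratios the presenter prefers. This is an added example, not code from the paper or the presentation; the trace_id field, the rule that a trace counts as an attack when the VEP exploited the vulnerability, and the reading of the two ratios as detection rate TP/(TP+FN) and false-alarm rate FP/(FP+TN) are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple

@dataclass(frozen=True)
class TraceDoc:
    """Documentation of one traffic trace: the four characteristics listed on
    the slide, plus an id (assumed) to match the trace with IDS alarms."""
    trace_id: str
    target_config: str   # target system configuration under attack
    vep_config: str      # VEP configuration, e.g. with or without evasion
    exploited: bool      # did the VEP exploit the target's vulnerability?
    successful: bool     # did the attack succeed against the target?

def outcome(doc: TraceDoc, alarmed: bool) -> str:
    """Label one trace TP/FN/FP/TN. Assumption: a trace is a real attack
    ("positive") when the VEP exploited the vulnerability; `alarmed` is the
    IDS verdict on the replayed trace."""
    if doc.exploited:
        return "TP" if alarmed else "FN"
    return "FP" if alarmed else "TN"

def evaluate(docs: Iterable[TraceDoc],
             alarms: Set[str]) -> Tuple[Dict[str, int], float, float]:
    """Count the four outcomes over a data set and compute the two ratios,
    read here as detection rate TP/(TP+FN) and false-alarm rate FP/(FP+TN).
    `alarms` holds the ids of traces on which the IDS raised an alarm."""
    counts = {"TP": 0, "FN": 0, "FP": 0, "TN": 0}
    for doc in docs:
        counts[outcome(doc, doc.trace_id in alarms)] += 1
    positives = counts["TP"] + counts["FN"]
    negatives = counts["FP"] + counts["TN"]
    detection_rate = counts["TP"] / positives if positives else 0.0
    false_alarm_rate = counts["FP"] / negatives if negatives else 0.0
    return counts, detection_rate, false_alarm_rate

# Constructed sample data set: one VEP run against five target configurations.
SAMPLE_DOCS = [
    TraceDoc("t1", "target-A/vulnerable", "no-evasion", True, True),
    TraceDoc("t2", "target-A/vulnerable", "evasion", True, True),
    TraceDoc("t3", "target-B/patched", "no-evasion", False, False),
    TraceDoc("t4", "target-C/service-absent", "no-evasion", False, False),
    TraceDoc("t5", "target-D/vulnerable", "no-evasion", True, False),
]
# Constructed IDS alarms: the evasion variant t2 is missed, t4 is a false alarm.
SAMPLE_ALARMS = {"t1", "t4", "t5"}

if __name__ == "__main__":
    counts, det, fa = evaluate(SAMPLE_DOCS, SAMPLE_ALARMS)
    print(counts, f"detection={det:.2f}", f"false_alarm={fa:.2f}")
```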