A Blackboard-Based Learning Intrusion Detection System: A New Approach


A Blackboard-Based Learning Intrusion Detection System: A New Approach Presented by: Preeti Anday Dept of Computer & Information Sciences University of Delaware

What is a blackboard?

Blackboard Architecture (diagram): Controller; Knowledge Sources (KS); shared blackboard

What is an IDS? An intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations.

Intrusion Detection
- Anomaly Detection
- Misuse Detection

Intrusion Detection, based on the area of the network or system they audit:
- Host based: a security system that detects abuses inside a computer system
- Network based: capable of identifying abusive uses, or attempts at unauthorized usage, of the computer network from outside the system

Prior Approaches
Rule based analysis:
- Predefined rule set
- Expert systems
Drawbacks:
- Inability to detect attack scenarios
- Lack of flexibility
- Variations in the attack sequence reduce the effectiveness of the system

Common Types of Malicious Attacks
- Denial-of-service attack (DoS)
- Guessing rlogin attack
- Scanning attack

Autonomous Agents
What are autonomous agents?
- Software agents that perform certain security monitoring functions at the host
- Independent entities
- Have minimal overhead and can resist subversion
- Dynamically reconfigurable, scalable and easily adaptable
- Degrade gracefully

Learning Intrusion Detection System Architecture

Tier 1: contains the autonomous agents required for the initial alert feature.
- A1: Network reader. Collects network data with the help of a program called tcpdump and posts it on the blackboard.
- A2: Initial analyzer. Calls a rule-based classifier that is written as a DLL in C++.
- A3: Display/output agent. Reports the initial analysis to the user.

Tier 2: contains the agents that analyze the system-specific information.
- A4: System reader. Gathers system-specific information on the protected system and posts it on the blackboard.
- A5: Attack classifier. Identifies the different subclasses of intrusion present in the network. Sends information from the blackboard to the classifier, which performs the diagnosis and posts the results on the blackboard.

Tier 2 contd. The information gathered by A4 includes:
- Available network bandwidth
- CPU usage
- Network packets
- Memory usage
- Number of connections
- Connection attempts
- Protocol
- Packet length

Tier 2 contd. The classifier used in A5 is a micro-genetic-algorithm-based classifier that uses the multiple-fault-diagnosis concept to perform the necessary function. The result states what kind of attack is present and what its probability of presence in the data set is. The genetic algorithm is capable of determining the sub-classifications of attacks.

Tier 3: contains the autonomous agents that give full details of the attacks.
- A6: Analyzer with ANN. Analyzes the information and decides which type of ANN will be useful for further analysis. If the analysis finds no attack in the dataset, the agent flags the dataset as a false-positive alarm.

Tier 3 contd.
- A7: Teaching agent. Updates the rule set of A2.
- A8: Report generation. Displays a complete report of the analysis to the user.
Since the agents are autonomous, a control pattern is included to ensure that each agent gets at least one chance to look at the blackboard in one process cycle.
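The following is an added example, not code from the paper or the presentation: a toy Python model of the three-tier blackboard architecture on these slides (agents A1 to A8 posting to one shared blackboard) together with the control pattern from the last slide, in which every agent gets exactly one look at the board per cycle regardless of the order in which the agents are registered. Everything concrete in it is a constructed assumption: the traffic summaries standing in for tcpdump output, the system readings standing in for A4, the thresholds in A2's rule set, the scoring formulas standing in for the micro-GA classifier (A5) and the ANN stage (A6), the 0.6 confirmation cut-off, and the way A7 relaxes a rule that produced a false positive.

```python
"""Toy blackboard IDS (added example): autonomous agents post to a shared
blackboard; a controller gives every agent one look at the board per cycle."""

# Constructed stand-in for the tcpdump summaries A1 would collect.
SAMPLE_TRAFFIC = [
    {"src": "10.0.0.5", "conn_attempts": 3, "distinct_ports": 2, "bytes": 4_200},
    {"src": "10.0.0.7", "conn_attempts": 105, "distinct_ports": 3, "bytes": 50_000},
    {"src": "10.0.0.9", "conn_attempts": 120, "distinct_ports": 95, "bytes": 900},
    {"src": "10.0.0.12", "conn_attempts": 40, "distinct_ports": 1, "bytes": 3_000_000},
]
# Constructed stand-in for A4's readings on the protected host.
SAMPLE_SYSTEM = {"cpu_pct": 91, "mem_pct": 40, "bandwidth_free_pct": 5, "connections": 160}
CONFIRM_THRESHOLD = 0.6  # assumed cut-off below which A6 calls an alert a false positive


class Blackboard:
    """Shared store: agents communicate only by reading from and posting to it."""
    def __init__(self):
        self.data = {k: None for k in ("traffic", "system", "alerts", "diagnosis",
                                       "verdict", "initial_report", "final_report")}

    def has(self, *keys):          # True once every named slot has been posted
        return all(self.data[k] is not None for k in keys)


class Agent:
    """A knowledge source: acts only when its preconditions hold on the board."""
    def ready(self, bb): return False
    def run(self, bb): pass


class NetworkReader(Agent):                                   # A1
    def ready(self, bb): return not bb.has("traffic")
    def run(self, bb): bb.data["traffic"] = list(SAMPLE_TRAFFIC)


class InitialAnalyzer(Agent):                                 # A2, rule based; A7 edits self.rules
    def __init__(self): self.rules = {"distinct_ports": 50, "conn_attempts": 100, "bytes": 1_000_000}
    def ready(self, bb): return bb.has("traffic") and not bb.has("alerts")
    def run(self, bb):
        alerts = {}
        for r in bb.data["traffic"]:
            fired = [f for f, t in self.rules.items() if r[f] >= t]   # which rules matched this source
            if fired:
                alerts[r["src"]] = fired
        bb.data["alerts"] = alerts


class DisplayAgent(Agent):                                    # A3
    def ready(self, bb): return bb.has("alerts") and not bb.has("initial_report")
    def run(self, bb): bb.data["initial_report"] = sorted(bb.data["alerts"])


class SystemReader(Agent):                                    # A4
    def ready(self, bb): return not bb.has("system")
    def run(self, bb): bb.data["system"] = dict(SAMPLE_SYSTEM)


class AttackClassifier(Agent):                                # A5: stand-in for the micro-GA classifier
    def ready(self, bb): return bb.has("alerts", "system") and not bb.has("diagnosis")
    def run(self, bb):
        s = bb.data["system"]
        loaded = s["cpu_pct"] > 80 or s["bandwidth_free_pct"] < 10   # host under load favours a DoS reading
        bb.data["diagnosis"] = {
            r["src"]: {"scan": min(1.0, r["distinct_ports"] / 100),
                       "dos": min(1.0, r["bytes"] / 4_000_000 + (0.3 if loaded else 0.0))}
            for r in bb.data["traffic"] if r["src"] in bb.data["alerts"]}


class ANNAnalyzer(Agent):                                     # A6: stand-in for the ANN stage
    def ready(self, bb): return bb.has("diagnosis") and not bb.has("verdict")
    def run(self, bb):
        bb.data["verdict"] = {src: (max(p, key=p.get) if max(p.values()) >= CONFIRM_THRESHOLD
                                    else "false_positive")
                              for src, p in bb.data["diagnosis"].items()}


class TeachingAgent(Agent):                                   # A7: feeds verdicts back into A2's rules
    def __init__(self, analyzer): self.analyzer, self.done = analyzer, False
    def ready(self, bb): return bb.has("verdict") and not self.done
    def run(self, bb):
        self.done = True
        for r in bb.data["traffic"]:
            if bb.data["verdict"].get(r["src"]) == "false_positive":
                for f in bb.data["alerts"][r["src"]]:     # raise each rule that misfired above the seen value
                    self.analyzer.rules[f] = max(self.analyzer.rules[f], r[f] + 1)


class ReportGenerator(Agent):                                 # A8
    def ready(self, bb): return bb.has("verdict") and not bb.has("final_report")
    def run(self, bb):
        bb.data["final_report"] = [f"{src}: {v} {bb.data['diagnosis'][src]}"
                                   for src, v in sorted(bb.data["verdict"].items())]


def run_cycles(agents, bb, max_cycles=20):
    """Control pattern: each cycle gives every agent exactly one look at the board;
    stop after a cycle in which nobody acted. Returns the number of cycles used."""
    for cycle in range(1, max_cycles + 1):
        acted = False
        for agent in agents:
            if agent.ready(bb):
                agent.run(bb)
                acted = True
        if not acted:
            return cycle
    return max_cycles


def build_and_run():
    """Register the agents deliberately out of pipeline order to show the controller
    does not depend on it. Returns (blackboard, A2 instance, cycles used)."""
    bb, a2 = Blackboard(), InitialAnalyzer()
    agents = [ReportGenerator(), TeachingAgent(a2), ANNAnalyzer(), AttackClassifier(),
              SystemReader(), DisplayAgent(), a2, NetworkReader()]
    return bb, a2, run_cycles(agents, bb)


if __name__ == "__main__":
    bb, a2, cycles = build_and_run()
    print(f"{cycles} cycles\n" + "\n".join(bb.data["final_report"]))
    print("updated A2 rules:", a2.rules)
```

With the agents registered in reverse order the work still flows A1, A2, A3/A5, A6, A7/A8 across successive cycles, because each agent only acts when the slots it needs are on the board; the busy-but-benign host 10.0.0.7 is raised by A2, dismissed by A6 as a false positive, and A7 then lifts the `conn_attempts` threshold above the value that misfired, which is the feedback loop the teaching agent provides.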

Questions