AI in Cybersecurity Kevin Song, Shivani Rajasekaran, Vedant Tyagi, Paul Kim CS 4624: Multimedia, Hypertext, and Information Access Virginia Polytechnic.


1 AI in Cybersecurity Kevin Song, Shivani Rajasekaran, Vedant Tyagi, Paul Kim CS 4624: Multimedia, Hypertext, and Information Access Virginia Polytechnic Institute and State University Blacksburg, VA 24061 Instructor: Dr. Edward A. Fox Client: James R. Morris King, Devin M. Wynne May 9, 2018

2 Outline
Project Overview
Report Objectives
Limitations
Implementation Design
Results (Console Application)
Potential Future Expansion
Acknowledgments
Smart grid, intrusion detection concept, AIS algorithm, we deci

3 Project Overview Deliverable: Technical research report
Project objective: Provide a proof of concept implementation of an Artificial Immune System (AIS) for intrusion detection on common Internet protocols used in smart grid AMI networks such as the Wide Area Network (WAN).
The goal of this report is to provide a proof of concept that an AIS can be implemented on smart grid AMI (Advanced Metering Infrastructure) networks and, furthermore, be able to detect intrusions and anomalies in the network data. This report contains a proof of concept implementation of an AIS for intrusion detection on theoretical user-inputted packet capture (pcap) data containing common Internet protocols used in smart grid AMI networks. This deliverable will not allow us to create a realistic AIS, but it contains all the processes that are necessary in doing so, such as implementation of the Negative Selection Algorithm (NSA) and r-chunk bit matching. This proof of concept implementation proves that if the implementation were scaled up it could catch intrusions in the WAN in the smart grid.

4 Report Objectives
Background: Smart Grid AMI (Advanced Metering Infrastructure); IDS (Intrusion Detection System); AIS (Artificial Immune System); Framework for AIS based IDS; AIS algorithms (Negative Selection Algorithm)
Proof of concept implementation
The report talks about what the smart grid is and the current security concerns of the smart grid. Then the report talks about the AMI and the AMI networks such as the HAN (Home Area Network), NAN (Neighborhood Area Network), and WAN (Wide Area Network). We are using the wide area network. The report also mentions the current IDS systems for cyber defense. The report describes what an Artificial Immune System is, the framework for AIS based IDS, and the AIS algorithms (specifically the Negative Selection Algorithm, which we will use in our implementation). Lastly, our report will include a proof of concept implementation, which is a theoretical scaled down approach of a real world AIS to catch intrusions in real time network data. We will explain the details of its workings in later sections. As we mentioned previously, our project is report based. In the report, we included our research about smart grid, AMI, IDS, AIS, Negative Selection

5 Limitations Initial goal for the implementation
Import and read the set of data from pcap file
Find the complete data handshake among the TCP protocol
Catch network intrusions in the pcap file
Our initial goal for implementation was to read the set of data from a pcap file and find the data flow pattern based on the detected complete data handshake among the TCP protocol. However, we did not have enough AIS resources, and had limited time. We also only had about 100 sets of data flowing and only 8 complete handshakes in the data set. The data set was not enough to find an accurate data pattern. We can get the information of each packet with the built-in function. But, as we can read the packet's information using Wireshark easily and more clearly, we concluded that it is not necessary to implement this just to show the same packet information.

6 Implementation Design
Visual Studios C# Console application
Algorithm used: Negative Selection Algorithm (NSA)
Data used: User inputted Transport Control Protocol (TCP) "Handshake" bits
AIS terminology to represent network elements
This is a C# console application. This deliverable will not allow us to create a realistic AIS, but it contains all the processes that are necessary in doing so, such as implementation of the Negative Selection Algorithm (NSA) and r-chunk bit matching. This implementation is a theoretical scaled down approach of a real world AIS to catch intrusions in real time network data. For the purposes of constructing an implementation in a timely and feasible manner, however, we will be using theoretical TCP/IP network data which will be user inputted instead of a real time network stream.

7 Implementation Result
Step 1: Creating the Self-Antigen Set
This self-antigen set represents the bytes in a normal TCP handshake. 48 bits, 3 separate sections of 16 bits each as shown below:
1. Syn flag:
2. Syn, Ack flag:
3. Ack flag:

8 Implementation Result
Step 2: Creating the Lymphocyte set
Antibody detectors
Random bit array generated
No antibody can detect a self-antigen
Antibody not in result set

9 Implementation Result
Step 3: Detecting Intrusions on incoming packets
Randomly generated TCP "Handshake" packet bits
Knuth Morris Pratt (KMP) algorithm

10 Implementation Result
Step 3: Detecting Intrusions on incoming packets Iteration 1:

11 Implementation Result
Step 3: Detecting Intrusions on incoming packets Iteration 2:

12 Implementation Result
Step 3: Detecting Intrusions on incoming packets Iteration 3:

13 Implementation Result
Step 3: Detecting Intrusions on incoming packets Iteration 4:
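
Steps 1 to 3 above, as an added Python example; it is not the project's C# code and the bit values on the slides are not in this transcript. Assumptions: the self-antigen uses a constructed 16-bit TCP header word (data offset 5 plus flag bits) per handshake step, r is 8, Python's substring operator stands in for the KMP search, and all function names are hypothetical.

```python
import random

# Constructed sample values (assumption): the 16-bit TCP header word holding
# data offset 5, reserved bits and flags for SYN, SYN+ACK and ACK.
SYN, SYN_ACK, ACK = 0x5002, 0x5012, 0x5010

def to_bits(*words):
    """Concatenate 16-bit words into one bit string."""
    return "".join(format(w, "016b") for w in words)

SELF = to_bits(SYN, SYN_ACK, ACK)  # Step 1: 48-bit self-antigen

def self_chunks(self_bits, r):
    """Every r-bit window that occurs in the self string."""
    return {self_bits[i:i + r] for i in range(len(self_bits) - r + 1)}

def generate_detectors(self_bits, r, count, seed=0):
    """Step 2, negative selection: draw random r-bit candidates and keep
    only those that match nothing in self."""
    forbidden = self_chunks(self_bits, r)
    # Never ask for more detectors than the non-self space can supply.
    count = min(count, 2 ** r - len(forbidden))
    rng = random.Random(seed)
    detectors = set()
    while len(detectors) < count:
        candidate = format(rng.getrandbits(r), "0{}b".format(r))
        if candidate not in forbidden:  # censor self-reactive candidates
            detectors.add(candidate)
    return detectors

def matches(detectors, packet_bits):
    """Step 3: detectors found anywhere in the packet bits
    (substring search used here in place of KMP)."""
    return sorted(d for d in detectors if d in packet_bits)

def classify(detectors, packet_bits):
    return "intrusion" if matches(detectors, packet_bits) else "self"

if __name__ == "__main__":
    detectors = generate_detectors(SELF, r=8, count=40)
    # Constructed anomalous sample: FIN+PSH+URG where SYN+ACK is expected.
    odd = to_bits(SYN, 0x5029, ACK)
    print(len(detectors), classify(detectors, SELF), classify(detectors, odd))
```

With only a few detectors an anomalous packet can go undetected; coverage grows with the detector count up to the full non-self space of r-bit chunks.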

14 Potential Future Expansion
Future of AIS in Smart Grid Networks: Scale up the AIS implementation to enable it to run on networks like the WAN in smart grid. Furthermore, AMI data (which uses TCP/IP network pcap data) can also be used to catch intrusions in the smart grid.
Future of AIS based IDS: Dendritic Cell Concept; solve current problems like high false alarm rates; boosting the efficiency of current systems.
WAN has TCP/IP data.

15 Acknowledgments Dr. Edward Fox
Support by MITRE, including guidance by James Morris King, Devin Wynne References:

