Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multi-Route Anomaly detection using Principal Component Analysis Adnan Iqbal Superviser Dr. Waqar Mahmood.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Multi-Route Anomaly detection using Principal Component Analysis Adnan Iqbal Superviser Dr. Waqar Mahmood."— Presentation transcript:

1 Multi-Route Anomaly detection using Principal Component Analysis Adnan Iqbal Superviser Dr. Waqar Mahmood

2 The concept Idea is to discover anomalies in the whole network and then to compare these network wide anomalies with those of single route anomalies To find out relationship between network wide anomalies and its constituent single route anomalies

3 Summary Discover a scheme that can be used to get relationship between network wide anomalies and single route anomalies Implement the scheme Perform Regularization of Data Apply the scheme to suitable routes Analyze Results Analysis of Data used in Anomaly Detection

4 Current Work Study of MIT Lincoln Lab intrusion detection data The Network Inside (Air Force Base) Outside (Internet) DMZ (Connection) Data Sets (98, 99, 2000) 2000 data set (scenario based) LLDOS 1.0 - Scenario One LLDOS 2.0.2 - Scenario Two Windows NT Attack Data Set

5 Network 1 Out Side Hosts IP AddressHostnameOperating SystemNotes 135.13.216.191alpha.apple.eduLinux Redhat 5.0kernel 2.0.32 135.8.60.182beta.banana.eduSolaris 2.5.1 194.27.251.21gamma.grape.milSunOS 4.1.4 194.7.248.153delta.peach.milLinux Redhat 5.0kernel 2.0.32 195.115.218.108epsilon.pear.comSolaris 2.5.1 195.73.151.50lambda.orange.comSunOS 4.1.4 196.37.75.158jupiter.cherry.orgLinux Redhat 5.0kernel 2.0.32 196.227.33.189saturn.kiwi.orgSolaris 2.5.1 197.182.91.233mars.avocado.netSunOS 4.1.4 197.218.177.69pluto.plum.netLinux Redhat 5.0kernel 2.0.32 192.168.1.30monitor.af.milMacOSAF SNMP monitor 192.168.1.10calvin.world.net Outside gateway 192.168.1.20aesop.world.net Outside Web Server 192.168.1.1loud.world.net Cisco 2514 Router

6 Network 2 DMZ Hosts IP AddressHostnameOperating SystemNotes 172.16.114.1loud.eyrie.af.mil Cisco 2514 Router 172.16.114.2firewall.eyrie.af.mil Sidewinder Firewall 172.16.114.10plato.eyrie.af.milSolaris 2.6 Simulation Coordinator 172.16.114.20smith.eyrie.af.milSolaris 2.7 Loghost -- not used 172.16.114.30solomon.eyrie.af.milSolaris 2.7DMZ Sniffer 172.16.114.50marx.eyrie.af.milLinux Redhat 4.2kernel 2.0.27

7 Network 3-1 Inside Hosts IP AddressHostnameOperating SystemNotes 172.16.115.1firewall-inside.eyrie.af.mil Inside Firewall Interface 172.16.116.1firewall-inside.eyrie.af.mil Inside Firewall Interface 172.16.117.1firewall-inside.eyrie.af.mil Inside Firewall Interface 172.16.118.1firewall-inside.eyrie.af.mil Inside Firewall Interface 172.16.112.10locke.eyrie.af.milSolaris 2.6Inside Sniffer 172.16.112.20hobbes.eyrie.af.milLinux Redhat 5.0Inside gateway, kernel 2.0.32 172.16.112.50pascal.eyrie.af.milSolaris 2.5.1 172.16.112.100hume.eyrie.af.milWindows NT 4.0Build 1381, Service Pack 1 172.16.112.149eagle.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.112.194falcon.eyrie.af.milSolaris 2.5.1 172.16.112.207robin.eyrie.af.milSunOS 4.1.4 172.16.113.50zeno.eyrie.af.milSunOS 4.1.4 172.16.113.84duck.eyrie.af.milSunOS 4.1.4 172.16.113.105swallow.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.113.204goose.eyrie.af.milSolaris 2.5.1 172.16.113.148crow.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.113.168finch.eyrie.af.milSunOS 4.1.4 172.16.113.169swan.eyrie.af.milSolaris 2.5.1 172.16.113.207pigeon.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.115.5pc1.eyrie.af.milWindows 95

8 Network 3-2 Inside Hosts IP AddressHostnameOperating SystemNotes 172.16.115.87pc2.eyrie.af.milWindows 95 172.16.115.234pc0.eyrie.af.milWindow NT 4.0Build 1381, Service Pack 1 172.16.116.44pc5.eyrie.af.milWindows 3.1 172.16.116.194pc3.eyrie.af.milWindows 95 172.16.116.201pc4.eyrie.af.milWindows 95 172.16.117.52pc7.eyrie.af.milWindows 3.1 172.16.117.103pc9.eyrie.af.milMacOS 172.16.117.111pc8.eyrie.af.milMacOS 172.16.117.132pc6.eyrie.af.milWindows 3.1 172.16.118.10linux1.eyrie.af.milLinux Redhat 5.2kernel 2.0.36 172.16.118.20linux2.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.30linux3.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.40linux4.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.50linux5.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.60linux6.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.70linux7.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.80linux8.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.90linux9.eyrie.af.milLinux Redhat 5.0kernel 2.0.32 172.16.118.100linux10.eyrie.af.milLinux Redhat 5.0kernel 2.0.32

9 Future Work Depends on The out come of MIT Lincoln Lab Data Analysis

Download ppt "Multi-Route Anomaly detection using Principal Component Analysis Adnan Iqbal Superviser Dr. Waqar Mahmood."

Similar presentations

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.
192.168.0.0/30 Host Name : R1 Serial 0/0/0.1.2 Host Name : R2 Router Lab 3 : 2 - Routers Connection DTE DCE.

/30 Host Name : R1 Serial 0/0/0.1.2 Host Name : R2 Router Lab 3 : 2 - Routers Connection DTE DCE.
IDPS (Intrusion Detection & Prevention System )

IDPS (Intrusion Detection & Prevention System )
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Firewall Configuration Strategies

Firewall Configuration Strategies
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Multi-Route Anomaly detection using Principal Component Analysis Adnan Iqbal Superviser Dr. Waqar Mahmood 21-06-05.

Multi-Route Anomaly detection using Principal Component Analysis Adnan Iqbal Superviser Dr. Waqar Mahmood
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
1 Weekly Progress (MAGGIE) Adnan Iqbal Superviser Dr. Waqar Mahmood 22-11-05.

1 Weekly Progress (MAGGIE) Adnan Iqbal Superviser Dr. Waqar Mahmood
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC

Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC
Internet Bastion Hosts Internal Network Router/Firewall Mail FTP

Internet Bastion Hosts Internal Network Router/Firewall Mail FTP
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Internet Traffic Management Prafull Suryawanshi Roll No - 04IT6008.

Internet Traffic Management Prafull Suryawanshi Roll No - 04IT6008.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 LAN Connections Using a Cisco Router as a DHCP Server.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 LAN Connections Using a Cisco Router as a DHCP Server.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
Figure 6-1 Growth pattern of Internet hosts MillionMillionMillionMillion.

Figure 6-1 Growth pattern of Internet hosts MillionMillionMillionMillion.
23 rd Annual Computer Security Application Conference Miami, Florida 12/13/2007 Dongqing Yuan Department of Information Technology Management University.

23 rd Annual Computer Security Application Conference Miami, Florida 12/13/2007 Dongqing Yuan Department of Information Technology Management University.
Internet Traffic Management. Basic Concept of Traffic Need of Traffic Management Measuring Traffic Traffic Control and Management Quality and Pricing.

Internet Traffic Management. Basic Concept of Traffic Need of Traffic Management Measuring Traffic Traffic Control and Management Quality and Pricing.
Cisco PIX firewall Set up 3 security zones ***CS580*** John Trafecanty Jules R. Nya Baweu August 23, 2005.

Cisco PIX firewall Set up 3 security zones ***CS580*** John Trafecanty Jules R. Nya Baweu August 23, 2005.

Similar presentations

Ads by Google