Presentation is loading. Please wait.

Presentation is loading. Please wait.

Flow Anomaly Detection in Firewalled Networks Research Report Mike Chapple December 15, 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Flow Anomaly Detection in Firewalled Networks Research Report Mike Chapple December 15, 2005."— Presentation transcript:

1 Flow Anomaly Detection in Firewalled Networks Research Report Mike Chapple December 15, 2005

2 The Problem Intruders are Clever!

3 Firewall Anomaly Detection

4 FADS Architecture

5 Forecast Development Evaluation Criteria –Number of connections –Bytes to client –Bytes to server Data Segmentation –Six time segments –Weekday traffic only

6 Modeling Techniques 1020 3040 50 Average 30 Standard Deviation 14 Forecast Range 9-51 Median 30 Interquartile Range 20 Forecast Range 0-60 1020 3040 6,000 Average 880 Standard Deviation 2,257 Forecast Range -2,507 – 4,267 Median 30 Interquartile Range 20 Forecast Range 0-60

7 Evaluation Goals Determine whether FADS produces a manageable number of alerts Evaluate impact of external traffic Examine three case studies for evidence of system effectiveness Demonstrate performance is within bounds of feasibility

8 Goal #1: Feasibility 1.5IQ1.5SD3IQ3SD Normal7797722982488490 Overflow962958738388 Underflow6851066458375

9 Goal #2: Impact of External Traffic

10 Goal #3: Case Studies Underflow alerts to a web server supporting academic functions Overflow events to a reporting server in production datacenter Overflow events related to file integrity monitoring

11 Goal #4: Performance Feasible to port this system to an online application –Processing 6-hour log file < 10 minutes –Forecasts generated in < 30 seconds –Evaluation dataset processed in ~ 4 seconds

12 Future Work Evaluation with extended dataset Advanced modeling techniques including periodicity Dynamic selection of time segments Automation of processing for online analysis

13 Questions?

Download ppt "Flow Anomaly Detection in Firewalled Networks Research Report Mike Chapple December 15, 2005."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Automates / supports all / many project management activities For the planning / monitoring / controlling of the project’s schedule and cost Such as identifying.

Automates / supports all / many project management activities For the planning / monitoring / controlling of the project’s schedule and cost Such as identifying.
SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.

SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
Network Traffic Anomaly Detection Based on Packet Bytes Matthew V. Mahoney Florida Institute of Technology

Network Traffic Anomaly Detection Based on Packet Bytes Matthew V. Mahoney Florida Institute of Technology
1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
Behavior Intrusion Detection: Enhanced Hakan Evecek Rodolfo Ortiz Hakan Evecek Rodolfo Ortiz.

Behavior Intrusion Detection: Enhanced Hakan Evecek Rodolfo Ortiz Hakan Evecek Rodolfo Ortiz.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
ANOMALY DETECTION AND CHARACTERIZATION: LEARNING AND EXPERIANCE YAN CHEN – MATT MODAFF – AARON BEACH.

ANOMALY DETECTION AND CHARACTERIZATION: LEARNING AND EXPERIANCE YAN CHEN – MATT MODAFF – AARON BEACH.
A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.

A survey of commercial tools for intrusion detection 1. Introduction 2. Systems analyzed 3. Methodology 4. Results 5. Conclusions Cao er Kai. INSA lab.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Report on statistical Intrusion Detection systems By Ganesh Godavari.

Report on statistical Intrusion Detection systems By Ganesh Godavari.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Internet Traffic Analysis for Threat Detection Joshua Thomas, CISSP Thomas Conley, CISSP Ohio University Communication Network Services Joshua Thomas,

Internet Traffic Analysis for Threat Detection Joshua Thomas, CISSP Thomas Conley, CISSP Ohio University Communication Network Services Joshua Thomas,
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Department Of Computer Engineering

Department Of Computer Engineering
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Similar presentations

Ads by Google