Published by Patricia Snow. Modified over 9 years ago.
1
Computer Account Hijacking Detection Using a Neural Network
Nick Pongratz
Math 340
2
Neural Networks - Example Simple Network - [!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html
3
Neural Networks - Backpropagation - [!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html
4
Computer Security Introduction
- General computer use is skyrocketing.
- Growing reliance on networks.
- Greater need to “keep the bad guys out.”
5
Computer Security Introduction
- Reactive Security
- Proactive Security
6
Computer Security Introduction - Reactive Security
- Break-in already occurred or is occurring.
- Minimize/repair damage already done.
- Patch the system against further similar attacks.
7
Computer Security Introduction - Reactive Security
Current applications:
- Most virus scanners
- Misuse detection
- Most Intrusion Detection Systems
8
Computer Security Introduction - Proactive Security
- Strong passwords and correct permissions.
- Secure software and operating systems.
- Find system insecurities before bad guys do.
- Physical security.
- Self-adapting, smart systems.
9
Computer Security Introduction - Proactive Security
Current applications:
- Self-assessment
- Some virus scanners – heuristics
- Anomaly detection
10
Intrusion Detection Systems - General Info
- Most are reactive.
- Detect strange behavior.
- Analyze user I/O, network I/O, processes.
- Look for misuse and anomalies.
11
Intrusion Detection Systems - Misuse Detection
- Compare activity with “signatures” of known attacks.
- Signatures typically hand-coded.
- Good for known attacks
- Bad for previously unknown attacks
12
Intrusion Detection Systems - Anomaly Detection
- Compare activity with typical activity
- “Fingerprints”
- Adaptive
- Good for detecting unusual behavior.
- Not great for realtime monitoring.
13
MY PROJECT: Neural Network Anomaly Detection System
14
- Currently analyses user behavior
- Checks against fingerprints
- Extendable
- Adaptive
- Semi-hybrid: Mostly reactive, has proactive elements
15
Neural Network Anomaly Detection System - Neural Net Technical Details
- Currently implemented in MATLAB.
- Object-oriented.
- Uses a feedforward backpropagation neural network.
- Input: vector of command-use frequency.
- Output: vector of true/false guesses of the corresponding users.
16
Neural Network Anomaly Detection System - System Details
1. Sysadmin runs logs through trained network.
2. System reports the status of the results.
3. Admin (or an automation system) acts on report.
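An added illustration of the input/output design and workflow on slides 15 and 16, not the author's MATLAB code: a small feedforward backpropagation network in Python that maps a command-frequency vector to one true/false guess per user. The command vocabulary, accounts, sessions, hidden-layer size and 0.5 decision threshold are all constructed for the example.

```python
import math, random

COMMANDS = ["ls", "cd", "vim", "gcc", "make", "mail", "ssh", "scp"]  # assumed vocabulary
USERS = ["alice", "bob", "carol"]                                    # constructed accounts
LOGS = {  # constructed sessions; training data must come from legitimate use only
    "alice": [["vim", "gcc", "make", "vim", "ls"], ["gcc", "make", "vim", "make", "cd"]],
    "bob":   [["mail", "ls", "cd", "mail", "ls"], ["ls", "mail", "mail", "cd", "ls"]],
    "carol": [["ssh", "scp", "ssh", "ls", "scp"], ["scp", "ssh", "ssh", "cd", "scp"]],
}

def freq_vector(session):  # input vector: relative frequency of each known command
    return [session.count(c) / max(len(session), 1) for c in COMMANDS]

def layer(weights, x):  # sigmoid layer; the last weight in each row is the bias
    return [1 / (1 + math.exp(-sum(w * v for w, v in zip(row, x + [1.0])))) for row in weights]

class Net:
    def __init__(self, n_in, n_hid, n_out, seed=1):
        rnd = random.Random(seed)  # fixed seed so training is repeatable
        self.w1 = [[rnd.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(n_hid)]
        self.w2 = [[rnd.uniform(-0.5, 0.5) for _ in range(n_hid + 1)] for _ in range(n_out)]

    def forward(self, x):
        h = layer(self.w1, x)
        return h, layer(self.w2, h)

    def train(self, samples, epochs=3000, lr=1.0):
        for _ in range(epochs):
            for x, t in samples:
                h, o = self.forward(x)
                d_o = [(ok - tk) * ok * (1 - ok) for ok, tk in zip(o, t)]  # output deltas
                d_h = [hj * (1 - hj) * sum(d * r[j] for d, r in zip(d_o, self.w2)) for j, hj in enumerate(h)]
                for d, row in zip(d_o, self.w2):   # gradient step, output layer
                    for j, v in enumerate(h + [1.0]):
                        row[j] -= lr * d * v
                for d, row in zip(d_h, self.w1):   # gradient step, hidden layer
                    for i, v in enumerate(x + [1.0]):
                        row[i] -= lr * d * v
        return self

def build():
    samples = [(freq_vector(s), [float(u == v) for v in USERS])
               for u, sessions in LOGS.items() for s in sessions]
    return Net(len(COMMANDS), 6, len(USERS)).train(samples)

def looks_hijacked(net, account, session):
    """True when the network's guess for the logged-in account is 'false'."""
    _, out = net.forward(freq_vector(session))
    return out[USERS.index(account)] < 0.5
```

`build()` trains once on the known-good logs; `looks_hijacked(net, account, session)` is then run over each logged session, and a `True` result is what the report would surface to the admin.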
17
Neural Network Anomaly Detection System - Pros and Cons
Pros:
- Accurate
- Extendable
- Adjusts
Cons:
- After-the-fact (not realtime)
- Training data MUST be legitimate
- Training can take a while
- One part of complete security system
18
Neural Network Anomaly Detection System - Future Directions
- Extend to network communication.
- Extend to running processes.
- Include progression information in training.
- Realtime (?)
- Automatic response automation (?)
19
Any Questions, Comments, Protests, a Summer Job For Me?
Nick Pongratz
njpongratz@students.wisc.edu
http://www.cs.wisc.edu/~nicholau/
Thank You!