Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340.

Similar presentations


Presentation on theme: "Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340."— Presentation transcript:

1 Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340

2 Neural Networks - Example Simple Network - [!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html

3 Neural Networks - Backpropagation - [!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html

4 Computer Security Introduction General computer use is skyrocketing. Growing reliance on networks. Greater need to “keep the bad guys out.”

5 Computer Security Introduction Reactive Security Proactive Security

6 Computer Security Introduction - Reactive Security - Break-in already occurred or is occurring. Minimize/repair damage already done. Patch the system against further similar attacks.

7 Computer Security Introduction - Reactive Security - Current applications: Most virus scanners Misuse detection Most Intrusion Detection Systems

8 Computer Security Introduction - Proactive Security - Strong passwords and correct permissions. Secure software and operating systems. Find system insecurities before bad guys do. Physical security. Self-adapting, smart systems.

9 Computer Security Introduction - Proactive Security - Current applications: Self-assessment Some virus scanners – heuristics Anomaly detection

10 Intrusion Detection Systems - General Info - Most are reactive. Detect strange behavior. Analyze user I/O, network I/O, processes. Look for misuse and anomalies.

11 Intrusion Detection Systems - Misuse Detection - Compare activity with “signatures” of known attacks. Signatures typically hand-coded. Good for known attacks Bad for previously unknown attacks

12 Intrusion Detection Systems - Anomaly Detection - Compare activity with typical activity “Fingerprints” Adaptive Good for detecting unusual behavior. Not great for realtime monitoring.

13 MY PROJECT: Neural Network Anomaly Detection System

14 Currently analyses user behavior Checks against fingerprints Extendable Adaptive Semi-hybrid: Mostly reactive, has proactive elements

15 Neural Network Anomaly Detection System - Neural Net Technical Details - Currently implemented in MATLAB. Object-oriented. Uses a feedforward backpropagation neural network. Input: vector of command-use frequency. Output: vector of true/false guesses of the corresponding users.

16 Neural Network Anomaly Detection System - System Details - 1.Sysadmin runs logs through trained network. 2.System reports the status of the results. 3.Admin (or an automation system) acts on report.

17 Neural Network Anomaly Detection System - Pros and Cons - Pros: Accurate Extendable Adjusts Cons: After-the-fact (not realtime) Training data MUST be legitimate Training can take a while One part of complete security system

18 Neural Network Anomaly Detection System - Future Directions - Extend to network communication. Extend to running processes. Include progression information in training. Realtime (?) Automatic response automation (?)

19 Any Questions, Comments, Protests, a Summer Job For Me? Nick Pongratz njpongratz@students.wisc.edu njpongratz@students.wisc.edu http://www.cs.wisc.edu/~nicholau/ Thank You!


Download ppt "Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340."

Similar presentations


Ads by Google