Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340.

Published byPatricia Snow Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340."— Presentation transcript:

1 Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340

2 Neural Networks - Example Simple Network - [!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html

3 Neural Networks - Backpropagation - [!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html

4 Computer Security Introduction General computer use is skyrocketing. Growing reliance on networks. Greater need to “keep the bad guys out.”

5 Computer Security Introduction Reactive Security Proactive Security

6 Computer Security Introduction - Reactive Security - Break-in already occurred or is occurring. Minimize/repair damage already done. Patch the system against further similar attacks.

7 Computer Security Introduction - Reactive Security - Current applications: Most virus scanners Misuse detection Most Intrusion Detection Systems

8 Computer Security Introduction - Proactive Security - Strong passwords and correct permissions. Secure software and operating systems. Find system insecurities before bad guys do. Physical security. Self-adapting, smart systems.

9 Computer Security Introduction - Proactive Security - Current applications: Self-assessment Some virus scanners – heuristics Anomaly detection

10 Intrusion Detection Systems - General Info - Most are reactive. Detect strange behavior. Analyze user I/O, network I/O, processes. Look for misuse and anomalies.

11 Intrusion Detection Systems - Misuse Detection - Compare activity with “signatures” of known attacks. Signatures typically hand-coded. Good for known attacks Bad for previously unknown attacks

12 Intrusion Detection Systems - Anomaly Detection - Compare activity with typical activity “Fingerprints” Adaptive Good for detecting unusual behavior. Not great for realtime monitoring.

13 MY PROJECT: Neural Network Anomaly Detection System

14 Currently analyses user behavior Checks against fingerprints Extendable Adaptive Semi-hybrid: Mostly reactive, has proactive elements

15 Neural Network Anomaly Detection System - Neural Net Technical Details - Currently implemented in MATLAB. Object-oriented. Uses a feedforward backpropagation neural network. Input: vector of command-use frequency. Output: vector of true/false guesses of the corresponding users.

16 Neural Network Anomaly Detection System - System Details - 1.Sysadmin runs logs through trained network. 2.System reports the status of the results. 3.Admin (or an automation system) acts on report.

17 Neural Network Anomaly Detection System - Pros and Cons - Pros: Accurate Extendable Adjusts Cons: After-the-fact (not realtime) Training data MUST be legitimate Training can take a while One part of complete security system

18 Neural Network Anomaly Detection System - Future Directions - Extend to network communication. Extend to running processes. Include progression information in training. Realtime (?) Automatic response automation (?)

19 Any Questions, Comments, Protests, a Summer Job For Me? Nick Pongratz njpongratz@students.wisc.edu njpongratz@students.wisc.edu http://www.cs.wisc.edu/~nicholau/ Thank You!

Download ppt "Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340."

Similar presentations

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.

Detecting Computer Intrusions Using Behavioral Biometrics Ahmed Awad E. A, and Issa Traore University of Victoria PST’05 Oct 13,2005.
Anomaly Based Intrusion Detection System

Anomaly Based Intrusion Detection System
Information Security Policies and Standards

Information Security Policies and Standards
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.

1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
seminar on Intrusion detection system

seminar on Intrusion detection system
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
DIYTP 2009. Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR)

DIYTP Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR)
Department Of Computer Engineering

Department Of Computer Engineering
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.

Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
Building Survivable Systems based on Intrusion Detection and Damage Containment Paper by: T. Bowen Presented by: Tiyseer Al Homaiyd 1.

Building Survivable Systems based on Intrusion Detection and Damage Containment Paper by: T. Bowen Presented by: Tiyseer Al Homaiyd 1.
Network security policy: best practices

Network security policy: best practices

Similar presentations

Ads by Google