Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Traffic Filtering System based on Data Mining Approach Vladimir Maslyakov Computer Science Department of Lomonosov Moscow State University.

Published byBruce Clarence Cooper Modified over 9 years ago

Similar presentations

Presentation on theme: "Internet Traffic Filtering System based on Data Mining Approach Vladimir Maslyakov Computer Science Department of Lomonosov Moscow State University."— Presentation transcript:

1 Internet Traffic Filtering System based on Data Mining Approach Vladimir Maslyakov Computer Science Department of Lomonosov Moscow State University

2 Plan Actuality Current Approaches Our Approach Results

3 Actuality 1.About 30% of its work time knowledge workers spend on personal usage: surfing Internet, chatting, entertaining, etc* 2.Only 40% of organizations use some software to control Internet traffic 3.90% of organizations would like to use some sort of software to control Internet traffic** * Dan Malachowski (2005, July 11) Salary.com “Wasting Time at Work Costing Companies Billions” ** Karl Donert, Sara Carro Martinez (2002, December 23) “End-user Requirements: Final Report”

4 Goals to prevent access to unwanted content. A common scenario for schools and libraries; to detect harmful content (viruses, spam, trojans, etc) or links to such content; to detect possible intrusion threats or suspicious traffic; to reduce number of leakages of confidential information; to prevent unwanted usage of Internet during working time.

5 Problems Modern Internet: 1.is HUGE 2.is constantly changing (in size and content) 3.mostly consists of dynamic resources Organizations want: 1.to be independent of knowledge bases from third-party companies 2.a good precision of filtering with minimum number of errors 3.maximum performance with minimum resources

6 Requirements the ability to process and filter information online, which means that end users should not experience significant delays because of traffic filtering; high precision of filtering (low rates of false- positive and false-negative errors); the ability to process dynamic content; the ability to adapt to new types of resources and filter resources using its content as well as its metadata; scalability, the ability to be installed in organizations of different scale.

7 Desirable features Independence of language of Internet resources Configurability and ability to adapt to specific organization needs Ability to analyze traffic transparently to end users

8 Plan Actuality Current Approaches Our Approach Results

9 Traffic Filtering Systems Classification

10 Characteristics speed of filtering (kbytes/sec); false-positive errors, cases when system forbids access to legal resource (%); false-negative errors, cases when system allows access to forbidden resource (%); precision of filtering, ratio of correctly allowed and correctly forbidden resources to the total number of analyzed resources (%).

11 Problems There is no benchmarks and methodologies for testing Internet Traffic Filtering Software There is even no datasets on which tests could be performed

12 Signature Approach Bring signature database of analyzed resources to up-to- date state. Process requests from users in real-time. If Internet resource A is marked as harmful, access to the resource is forbidden. But Content at the update stage and content at the stage of analysis could be different!

13 Advantages of Signature Approach The signature database is usually centralized and is maintained by some organization Content analysis is often not used at all => very good speed Human experts precision is very good (>95%)

14 Disadvantages of Signature Approach speed and precision of analysis significantly depends on quality of centralized knowledge base analysis of Internet resources without using its content or poor precision of content analysis inability to add new types and categories of resources

15 Other drawbacks of modern solutions inability to personalize traffic inability to analyze resources in different languages inability to analyze dynamic content online outdated databases etc

16 Plan Actuality Current Approaches Our Approach Results

17 Architecture

18 Components of System Cache Proxy Server (Squid with ICAP support) Java-based Kernel with built-in ICAP client Java-based Decision Making Module C++-based Parser (antlr) C++-based Classifier (Perceptron, SVM) XML-RPC for interoperability between different components (apache xml-rpc)

19 Data Mining Approach A fully automatic process of training on test data. All requests are identified and transparently redirected from cache proxy server to the kernel of the system. Kernel saves all information about the requested resource and the request’s author. Parser tokenizes html content and extracts all the links Classifier assigns categories to requested resource, based on output of parser, and returns results to Decision Making Module Decision Making Module decides whether to allow or forbid current resource to user, basing on classification labels, resource metadata and user rights.

20 Additional features Analysis of resource in offline using robot to extract information about hyperlinks => higher precision Ability to make incrementive learning of algorithm Ability to parse using n-gramm methods => independence of language (payback - lower precision) User identification by ip address

21 Advantages of Data Mining Approach necessary speed of analysis (decimal fractions of a second); necessary precision of analysis (more than 90% with 1% of false- positive errors); adaptation and self-learning, which will allow to adapt to specific organization needs; scalability of result system, which will allow to deploy system in organizations of different scale; autonomy from external knowledge bases and human experts.

22 Disadvantages of Data Mining Approach higher rate of false-positive errors than signature approach necessity of training data

23 Future Plans to develop rdf knowledge base of users, statistics and resources (based on HP Jena or Protégé) to enhance identification algorithms (SSO and LDAP support) to enhance decision making strategies (bayesian networks or svm) to implement more sophisticated user rights system

24 Plan Actuality Current Approaches Our Approach Results

25 What we have A developed prototype Pentium III 550 Mhz with 384 Mbs of RAM Debian 4.0 Etch Java 1.5.0 Tomcat 5.0 Gcc 4.1.2 Some other third-party libraries (antlr 2.7.7, apache xml-rpc 3.0, berkeley db 4.5.20, etc)

26 Training Corpus Bank Research Corpus 11 themes (Java, Visual Basic, Astronomy, …) 11000 documents, 1000 for each theme

27 Results Training average speed: 1.3 seconds per document – ln(n) Average Download Speed: 2 seconds Parsing & Classification average speed: 0.6 seconds – n Accuracy: ~90% False-positive errors: ~1-2%

28 Thank You! Q & A

Download ppt "Internet Traffic Filtering System based on Data Mining Approach Vladimir Maslyakov Computer Science Department of Lomonosov Moscow State University."

Similar presentations

© Copyright 2012 STI INNSBRUCK Apache Lucene Ioan Toma based on slides from Aaron Bannert

© Copyright 2012 STI INNSBRUCK Apache Lucene Ioan Toma based on slides from Aaron Bannert
Web Content Filter: technology for social safe browsing Ilya Tikhomirov Institute for Systems Analysis of the Russian Academy of Sciences

Web Content Filter: technology for social safe browsing Ilya Tikhomirov Institute for Systems Analysis of the Russian Academy of Sciences
Adding scalability to legacy PHP web applications Overview Mario A. Valdez-Ramirez.

Adding scalability to legacy PHP web applications Overview Mario A. Valdez-Ramirez.
NETWORK LOAD BALANCING NLB.  Network Load Balancing (NLB) is a Clustering Technology.  Windows Based. (windows server).  To scale performance, Network.

NETWORK LOAD BALANCING NLB.  Network Load Balancing (NLB) is a Clustering Technology.  Windows Based. (windows server).  To scale performance, Network.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Web Server Hardware and Software

Web Server Hardware and Software
Neural Technology and Fuzzy Systems in Network Security Project Progress 2 Group 2: Omar Ehtisham Anwar 2005-02-0129 Aneela Laeeq 2005-02-0023.

Neural Technology and Fuzzy Systems in Network Security Project Progress 2 Group 2: Omar Ehtisham Anwar Aneela Laeeq
Academic Advisor: Dr. Yuval Elovici Technical Advisor: Dr. Lidror Troyansky ADD Presentation.

Academic Advisor: Dr. Yuval Elovici Technical Advisor: Dr. Lidror Troyansky ADD Presentation.
Jun Peng Stanford University – Department of Civil and Environmental Engineering Nov 17, 2000 DISSERTATION PROPOSAL A Software Framework for Collaborative.

Jun Peng Stanford University – Department of Civil and Environmental Engineering Nov 17, 2000 DISSERTATION PROPOSAL A Software Framework for Collaborative.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Department Of Computer Engineering

Department Of Computer Engineering
Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.

Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.
Windows Server 2008 Chapter 8 Last Update 2012.05.31 1.0.0.

Windows Server 2008 Chapter 8 Last Update
Internet GIS. A vast network connecting computers throughout the world Computers on the Internet are physically connected Computers on the Internet use.

Internet GIS. A vast network connecting computers throughout the world Computers on the Internet are physically connected Computers on the Internet use.
Introduction to Databases Transparencies 1. ©Pearson Education 2009 Objectives Common uses of database systems. Meaning of the term database. Meaning.

Introduction to Databases Transparencies 1. ©Pearson Education 2009 Objectives Common uses of database systems. Meaning of the term database. Meaning.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.

Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.
Reducing False-Positives and False-Negatives in Security Event Data Using Context Derek G. Shaw August 2011.

Reducing False-Positives and False-Negatives in Security Event Data Using Context Derek G. Shaw August 2011.

Similar presentations

Ads by Google