
Machine Learning in Intrusion Detection Systems (IDS)


1 Machine Learning in Intrusion Detection Systems (IDS)

2 Two papers: • Artificial Intelligence & Intrusion Detection: Current & Future Directions [AIID] – J. Frank • Applying Genetic Programming to Intrusion Detection [GP] – M. Crosbie, G. Spafford

3 AIID • What is intrusion detection? • What are the issues in intrusion detection? – Data collection – Data reduction – Behavior classification – Reporting – Response

4 AIID • AI methods are used to help solve some of these issues • For data classification: – Classifier systems: neural network, decision tree, feature selection

5 AIID • Data reduction – Data filtering – Feature selection – Data clustering

6 AIID • Behavior classification – Expert systems – Anomaly detection – Rule-based induction

7 AIID • An experiment using feature selection – Information about network connections, collected with a Network Security Monitor

8 AIID • 3 search algorithms used: – Backward Sequential Search (BSS) – Beam Search (BS) – Random Generation Plus Sequential Selection (RS)

9 AIID • Algorithm performance

10 AIID • Error Rate Performance (All) [chart: feature sets [I, W, T, PS, PD, DS] and [T, PD, DS]; best result marked]

11 AIID • Error Rate Performance (SMTP) [chart: feature set [W, T, PS, PD, DS]; best result marked]

12 AIID • Error Rate Performance (Login) [chart: feature sets [W, T, PS, PD] and [T, PD, DS]; best result marked; RGSS]

13 AIID • Error Rate Performance (Shell) [chart: feature set [W, PS, PD, DS] for BS & BSS; feature set [W, T, PS, DS] for RS; best result marked]

14 GP (Applying Genetic Programming to Intrusion Detection) • An IDS that exploits the learning power of Genetic Programming • Two types of security tools: – Pro-active – Reactive: an IDS falls in this category

15 GP • Components in an IDS – Anomaly: may indicate a possible intrusion – So how do we know for sure? Expert system: rule set = model; metrics; comparing the metrics against the model • But … if a new intrusion scenario arises, modifying the IDS is complicated

16 GP • A finer-grained approach: the IDS is split into multiple autonomous agents

17 GP

18 • Using GP for learning – Instead of a monolithic static “knowledge base” – The GP paradigm allows evolution of agents that could be placed in a system to monitor audit data – GP programs are written in a simple meta-language with primitives that access audit data fields and manipulate them

19 GP • Internal agent architecture

20 GP • Learning by feedback • What do the agents monitor? – Inter-packet timing metrics: total number of socket connections, average time between socket connections, minimum time between socket connections, maximum time between socket connections, destination port, source port – Potential intrusions looked for: port flooding, port-walking, probing, password cracking

21 GP • Δ = |outcome − suspicion| • Penalty = Δ × ranking / 100 • Fitness = (100 − Δ) − penalty

22 GP • Multiple types: – Time (long int), port (int), boolean, suspicion (int) • Problems with multiple types • ADF solution to type safety – ADF: Automatically Defined Function – To monitor network timing: avg_interconn_time, min_interconn_time, max_interconn_time – For port monitoring: src_port, dest_port – For privileged port checking: is_priv_dest_port, is_priv_src_port
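As an added example (not code from the slides or from the Crosbie & Spafford paper), the fitness rule of slide 21 applied to two hand-written agents built from the slide 22 primitives, scored over a constructed set of audit slices with operator feedback. The agents, the training records, and the reading of outcome as the feedback label (100 = confirmed intrusion, 0 = benign) and of ranking as a fixed rank weight are assumptions.

```python
from dataclasses import dataclass


@dataclass
class ConnectionStats:
    """One slice of audit data with the metrics slide 20 lists (constructed record)."""
    total_conns: int
    avg_interconn_time: int
    min_interconn_time: int
    max_interconn_time: int
    src_port: int
    dest_port: int


# Primitive named on slide 22 (boolean-typed, as the ADF discussion requires).
def is_priv_dest_port(c: ConnectionStats) -> bool:
    return c.dest_port < 1024


# Two hypothetical agents written by hand over the primitives; an evolved GP individual
# would be an expression tree built from the same primitives. Each returns suspicion 0..100.
def agent_port_walk(c: ConnectionStats) -> int:
    return 90 if c.total_conns > 50 and c.min_interconn_time == 0 else 10


def agent_priv_port(c: ConnectionStats) -> int:
    return 70 if is_priv_dest_port(c) else 20


def fitness(outcome: int, suspicion: int, ranking: int) -> float:
    """Slide 21: delta = |outcome - suspicion|, penalty = delta * ranking / 100,
    fitness = (100 - delta) - penalty. outcome = feedback label (assumed 100 = intrusion,
    0 = benign), ranking = the agent's rank weight (assumed fixed here)."""
    delta = abs(outcome - suspicion)
    penalty = delta * ranking / 100
    return (100 - delta) - penalty


# Constructed training set: (audit slice, outcome fed back by the operator).
TRAINING = [
    (ConnectionStats(200, 1, 0, 3, 40000, 22), 100),   # burst of connections: port-walking
    (ConnectionStats(3, 60, 30, 120, 40001, 80), 0),   # a few normal web requests
    (ConnectionStats(5, 20, 10, 40, 40002, 8080), 0),  # normal traffic to a high port
]


def evaluate_population(agents: dict, ranking: int = 50) -> list:
    """Total fitness per agent over TRAINING, best agent first (selection input for GP)."""
    scores = {name: sum(fitness(outcome, fn(c), ranking) for c, outcome in TRAINING)
              for name, fn in agents.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for name, score in evaluate_population({"port_walk": agent_port_walk,
                                            "priv_port": agent_priv_port}):
        print(f"{name}: {score}")
```

The privileged-port agent is punished hardest on the benign web request (a confident wrong suspicion of 70 yields a negative fitness), which is exactly the behaviour the ranking penalty is meant to select against.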

23 GP • Experimental results:

24 That’s it !!!

25 Too old a research idea … did not find any current research in the same field
