1
An Agent-based Bayesian Forecasting Model for Enhancing Network Security
J. PIKOULAS, W.J. BUCHANAN, Napier University, Edinburgh, UK.
M. MANNION, Glasgow Caledonian University, Glasgow, UK.
K. TRIANTAFYLLOPOULOS, University of Warwick, UK.
2
Hacking methods:
IP spoofing.
Packet-sniffing.
Password attack.
Sequence number prediction attacks.
Session hi-jacking attacks.
Shared library attacks.
Social Engineering attacks.
Technological vulnerability attack.
Trust-access attacks.
[Figure: IP spoofing; packet sniffing]
3
Hacking methods (same list as the previous slide).
[Figure: shared library attack; social engineering; password attack]
4
Security programs:
Security enhancement software. Enhances the operating system's security.
Authentication and encryption software. Such as Kerberos, RSA, and so on.
Security monitoring software.
Network monitoring software.
Firewall software and hardware.
[Figure: firewall; encryption and authentication; security enhancement. Public-key diagram: the user's public key is used to encrypt data (INFO -> ENCR INFO), the user's private key is used to decrypt it. Operating system with security enhancement layer.]
5
Problems with existing security methods:
Centralized. They tend to be based on a central server, which can become the target of an attack.
No real-time response. They tend not to be able to respond to events as they occur, and rely on expert filtering.
No ability to foresee events.
[Figure: denial-of-service against a centralized system. Many external accesses eventually reduce the accessibility of the server, as with Yahoo.com, eBay, Amazon, CNN, ZDNet and Excite (Feb 2000). Firewall, central server, central storage: centralized security can lead to attacks as the central resource becomes the focus of attacks.]
Financial losses (2000/01):
1. Virus (70%).
2. Net abuse (45%).
3. Laptop theft (45%).
4. Denial of service (21%).
5. Unauthorized access (16%).
6. System penetration (14%).
7. Sabotage (12%).
6
Agent-based distributed security system:
Agents work independently from the server. This reduces the workload on the server, and also the dependency on it.
Agents download the user profile from the server. The agents can then learn the profile of the user and update it when they log out.
Agents can be responsible for security.
[Figure: distributed agent-based architecture compared with a centralized one]
7
Agent-based distributed security system with forecasting
[Figure: core agent, user agents and user profiles. Core agent sends forecasting information; agent monitors current usage; agent compares usage with forecast; agent reports any changes in behaviour; user logs off; user agent updates the forecasting model; user agent returns the updated model to the user profile.]
8
Agent environment topology
Sensor. Monitors software applications.
Transmitter. Sends information to the server.
Profile reader. Reads the user's historical profile.
Comparator. Compares the user's history with the information read by the sensor.
9
Traditional method of forecasting against Bayesian forecasting
10
Prediction model:
Observation stage. In this stage the model monitors the user and records their behaviour.
Evaluation stage. In this stage the model makes a prediction, monitors the user's actual movements and calculates the result. This stage is critical, because the model modifies itself according to the environment it operates in.
One-step prediction. In this stage the model makes a single-step prediction. For example, assume that the user has logged in 15 times, the model is configured, and it is ready to start predicting user moves. Instead of making a five- or ten-step prediction, like other mathematical models, our model makes a prediction for the next step only. When the user logs in and out, the model takes the actual behaviour of the user, compares it with the one-step prediction it made before, and calculates the error. So the next time a prediction is made for this user it will also include the data of the last user behaviour. With this procedure we maximise the accuracy of the prediction system.
11
Prediction parameters:
n – window size.
z – prediction number.
t – time unit.
Sample parameters: n = 15, z = 5, t = 1 hr.
[Figure: forecasting calculation]
12
Intervention
Useful in responding to exception data, such as when there is not enough data about a user.
17
Bayesian mathematics: As we see in the following equation, we are introducing a parameter matrix and a random matrix with a left variance matrix and a right variance matrix.
18
Conclusions:
Fast and simple model. It requires less preparation than other models.
Provides good prediction results.
Requires very little storage of user activity.
Small increase in CPU processing. Only a 1-2% increase in CPU processing has been measured.
Model learns with very few initial settings. Other models require some initial parameter settings to make them work well.