Presentation is loading. Please wait.

Presentation is loading. Please wait.

Who am I? Brian E. Lavender Computer Science Legislative Data Center (Work)

Published bySilvia Newman Modified over 9 years ago

Similar presentations

Presentation on theme: "Who am I? Brian E. Lavender Computer Science Legislative Data Center (Work)"— Presentation transcript:

1 http://brie.com/brian/netga/

2 Who am I? Brian E. Lavender Computer Science Legislative Data Center (Work)

3 Custom rules to identify attacks SNORT Experience

4 Statistical Packet Anomaly Detection Engine SNORT Plugin. Disappeared!!!

5 MS Project – What to do? Network Security Artificial Inteligence

6 Nprobe (Luca Deri) Genetic Algorithm Paper (Ren Hui Gong) NetGA http://brie.com/brian/netga/ Integration and further development (Me!)

7 How the Genetic Algorithm Works! Training Data

8 Training Data

9 DARPA http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1998data.html Training Data Source

10 Make Rules that Match only attacks (Orange)! Training Data

11 Individual Chromosome

12 Individual Evolution

13 Individual Elitism New Popluation Old Popluation Clone Two best of each attack Type

14 Individual Crossover. Making Children

15 Individual Mutation Only happens on rare occasions

16 00,-1,-1 exec 00043517 00000079 192.168.001.040 010.168.000.020 guess Fitness 0.0000 00,-1,02 ftp 00001847 00001021 192.168.001.030 192.168.000.020 guess Fitness 0.0000 00,-1,-1 exec 00043517 00000079 192.168.001.040 010.168.000.020 guess Fitness 0.0000 00,-1,02 ftp 00001847 00001021 192.168.001.030 192.168.000.020 guess Fitness 0.0000 00,01,42 ftp 00043538 00000513 192.168.000.030 010.168.000.020 rcp Fitness 0.0000 00,01,23 rlogin 00001769 00000512 192.168.000.040 010.168.000.020 rcp Fitness 0.0000 00,01,57 smtp -0000001 00000512 192.-01.000.030 010.168.000.-01 port-scan fitness 0.0000 Individuals Start!

17 00,00,14 rlogin -0000001 00000513 192.168.001.030 192.168.000.020 rsh fitness is 0.8031 00,00,14 rlogin -0000001 00000513 192.168.001.030 192.168.000.020 rsh fitness is 0.8031 00,00,04 rlogin -0000001 -0000001 192.168.001.030 192.168.000.020 port-scan fitness is 0.8031 00,-1,23 telnet -0000001 00000023 192.168.001.030 192.168.000.020 guess fitness is 0.8063 00,-1,05 -0001 -0000001 -0000001 192.168.001.030 192.168.000.020 port-scan fitness is 0.8063 -1,-1,05 -0001 -0000001 -0000001 192.168.001.030 192.168.000.020 port-scan fitness is 0.8063 00,-1,23 telnet -0000001 00000023 192.168.001.030 192.168.000.020 guess fitness is 0.8063 Individuals Finish!

18 NetGA Plugin matches connection pool In nProbe. nProbe Layout

19 nProbe code Development and Testing Dummy Interface # modprobe dummy0 # ifconfig dummy0 0.0.0.0 TCP Replay # tcpreplay -i dummy0 sample_data01.tcpdump Run nProbe # nprobe -i dummy0 –netGA=

20 NetGA http://brie.com/brian/netga/ Isaac Newton

Download ppt "Who am I? Brian E. Lavender Computer Science Legislative Data Center (Work)"

Similar presentations

Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.

Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson Lawrence Berkeley National Laboratory,Berkeley, CA A stand-alone system for detecting.
The story beyond Artificial Immune Systems Zhou Ji, Ph.D. Center for Computational Biology and Bioinformatics Columbia University Wuhan, China 2009.

The story beyond Artificial Immune Systems Zhou Ji, Ph.D. Center for Computational Biology and Bioinformatics Columbia University Wuhan, China 2009.
School of Applied Technology, Dep. Of Computer Engineering, T.E.I of Epirus A-Class: a novel classification method I.Tsoulos, A. Tzallas, E. Glavas.

School of Applied Technology, Dep. Of Computer Engineering, T.E.I of Epirus A-Class: a novel classification method I.Tsoulos, A. Tzallas, E. Glavas.
Good afternoon. My name is Marek Pawłowski

Good afternoon. My name is Marek Pawłowski
Exact and heuristics algorithms

Exact and heuristics algorithms
Greg Williams CS691 Summer 2011. Honeycomb  Introduction  Preceding Work  Important Points  Analysis  Future Work.

Greg Williams CS691 Summer Honeycomb  Introduction  Preceding Work  Important Points  Analysis  Future Work.
AVG Internet Security 7.5 Product presentation.

AVG Internet Security 7.5 Product presentation.
Universidad del Cauca Red de Datos Module 9 Remote Connections.

Universidad del Cauca Red de Datos Module 9 Remote Connections.
Biologically Inspired AI (mostly GAs). Some Examples of Biologically Inspired Computation Neural networks Evolutionary computation (e.g., genetic algorithms)

Biologically Inspired AI (mostly GAs). Some Examples of Biologically Inspired Computation Neural networks Evolutionary computation (e.g., genetic algorithms)
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Non-Linear Problems General approach. Non-linear Optimization Many objective functions, tend to be non-linear. Design problems for which the objective.

Non-Linear Problems General approach. Non-linear Optimization Many objective functions, tend to be non-linear. Design problems for which the objective.
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Genetic algorithms for neural networks An introduction.

Genetic algorithms for neural networks An introduction.
IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.

IT Security Doug Brown Jeff Bollinger. What is security? P.H.P. People Have Problems Security is the mitigation and remediation of human error in information.
Learning Classifier Systems to Intrusion Detection Monu Bambroo 12/01/03.

Learning Classifier Systems to Intrusion Detection Monu Bambroo 12/01/03.
Evolutionary Algorithms Simon M. Lucas. The basic idea Initialise a random population of individuals repeat { evaluate select vary (e.g. mutate or crossover)

Evolutionary Algorithms Simon M. Lucas. The basic idea Initialise a random population of individuals repeat { evaluate select vary (e.g. mutate or crossover)
Genetic Algorithms Learning Machines for knowledge discovery.

Genetic Algorithms Learning Machines for knowledge discovery.
Basic concepts of Data Mining, Clustering and Genetic Algorithms Tsai-Yang Jea Department of Computer Science and Engineering SUNY at Buffalo.

Basic concepts of Data Mining, Clustering and Genetic Algorithms Tsai-Yang Jea Department of Computer Science and Engineering SUNY at Buffalo.

Similar presentations

Ads by Google