
Fuzzy Network Profiling for Intrusion Detection Dickerson, J.E.; Dickerson, J.A. Fuzzy Information Processing Society, 2000. NAFIPS. 19th International.


1 Fuzzy Network Profiling for Intrusion Detection Dickerson, J.E.; Dickerson, J.A. Fuzzy Information Processing Society, 2000. NAFIPS. 19th International Conference of the North American, 2000 Reporter: Chien-Chung Su

2 Agenda Introduction System Architecture Implementation example Conclusion

3 Introduction Intrusion Detection System – A process for identifying network activity that can lead to the compromise of a security policy Two primary forms – Misuse Detection: matching known patterns of hostile activity against a database of past attacks – Anomaly Detection: applying statistical measures or artificial knowledge to compare current activity against historical knowledge of network utilization

4 System Architecture (1/5) Fuzzy Intrusion Recognition Engine (FIRE) – An anomaly-based intrusion detection system – Applies fuzzy theory – Applies a simple data mining technique

5 System Architecture (2/5) Data flow (diagram on the slide): Local Area Network → Network Data Collector (NDC) → Raw data → Network Data Processor (NDP) → Mined data → Fuzzy Threat Analyzer (FTA) → Fuzzy Alerts

6 System Architecture (3/5) Network Data Collector (NDC) – Grabs all packets that cross the wire and stores them to disk – To help avoid packet loss in the data collection system, it is important that the tasks performed by the NDC be very limited

7 System Architecture (4/5) Network Data Processor (NDP) – Performs a kind of data mining on the collected packets – Compares the current data with the historical mined data to create “normalized” values that reflect how the new data differs from what was observed in the past

8 System Architecture (5/5) Fuzzy Threat Analyzer (FTA) – A fuzzy rule can incorporate one or more fuzzy inputs – Depending on the fuzzy values, the fuzzy rule designer can make the types of intrusions they can detect either very general or very specific

9 Implementation example (1/4) What metrics do we want? – SrcIP, DstIP, SrcPort, DstPort – TCP flags, data length – Data content – Time the packet was sent Example – sdp = (SrcIP, DstIP, SrcPort, DstPort) – Represents the existence of a TCP channel (whether successful or not) between two IP end points

10 Implementation example (2/4) Define fuzzy variables – COUNT – UNIQUENESS – VARIANCE Membership Function [plot on the slide: linguistic values LOW, MED-LOW, MED, MED-HIGH, HIGH over an axis marked 5, 10, 25, 50, 100]

11 Implementation example (3/4) Design fuzzy rules – Scenario: Network scan – Rule examples: If (COUNT == LOW) && (UNIQUENESS == MED) Then “Network Scan” = MED-LOW; If (COUNT == MED) && (UNIQUENESS == LOW) Then “Network Scan” = LOW; If (COUNT == MED) && (UNIQUENESS == HIGH) Then “Network Scan” = HIGH; If (COUNT of ForeignHosts == HIGH) && (UNIQUENESS of DNS == HIGH) Then “DNS Scan” = HIGH
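Slides 9 to 11 describe one pipeline: derive sdp tuples from packets, turn them into the crisp variables COUNT and UNIQUENESS, fuzzify those against the five linguistic values, and fire the "Network Scan" rules. The following Python is an added worked example of that pipeline, not code from the paper or from the FIRE system. Only the breakpoints 5, 10, 25, 50, 100 and the three Network Scan rules come from the slides; the triangular and shoulder membership shapes, the expression of UNIQUENESS as a percentage of distinct (DstIP, DstPort) pairs (so that both variables share one axis), the min operator for AND, and the crisp output centers used for defuzzification are all assumptions. The packet traffic is constructed inline.

```python
"""Constructed example: NDP-style metrics plus FTA-style fuzzy rules for the
"Network Scan" scenario on the slides. Membership-function shapes, the
UNIQUENESS scaling and the output centers are assumptions; only the breakpoints
5, 10, 25, 50, 100 and the three rules come from the slides."""
from typing import Callable, Dict, List, NamedTuple, Tuple


class Packet(NamedTuple):
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def _tri(x: float, a: float, b: float, c: float) -> float:
    """Triangular membership: 0 at a, 1 at b, 0 at c."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


def _left_shoulder(x: float, b: float, c: float) -> float:
    """1 up to b, falling linearly to 0 at c."""
    return 1.0 if x <= b else max(0.0, (c - x) / (c - b))


def _right_shoulder(x: float, a: float, b: float) -> float:
    """0 up to a, rising linearly to 1 at b."""
    return 0.0 if x <= a else min(1.0, (x - a) / (b - a))


# Five linguistic values over the slide's breakpoints (shapes are assumed).
MEMBERSHIP: Dict[str, Callable[[float], float]] = {
    "LOW": lambda x: _left_shoulder(x, 5, 10),
    "MED-LOW": lambda x: _tri(x, 5, 10, 25),
    "MED": lambda x: _tri(x, 10, 25, 50),
    "MED-HIGH": lambda x: _tri(x, 25, 50, 100),
    "HIGH": lambda x: _right_shoulder(x, 50, 100),
}


def fuzzify(value: float) -> Dict[str, float]:
    """Degree of membership of a crisp value in each linguistic value."""
    return {label: fn(value) for label, fn in MEMBERSHIP.items()}


def sdp_metrics(packets: List[Packet], src_ip: str) -> Dict[str, float]:
    """NDP step: derive COUNT and UNIQUENESS for one source from sdp tuples.
    COUNT is the number of sdp tuples with this SrcIP in the interval;
    UNIQUENESS is the share of distinct (DstIP, DstPort) pairs among them as a
    percentage, so both variables use the 5..100 axis (scaling assumed)."""
    sdps = [(p.src_ip, p.dst_ip, p.src_port, p.dst_port) for p in packets if p.src_ip == src_ip]
    count = len(sdps)
    if count == 0:
        return {"COUNT": 0.0, "UNIQUENESS": 0.0}
    distinct = len({(dst, dport) for _, dst, _, dport in sdps})
    return {"COUNT": float(count), "UNIQUENESS": 100.0 * distinct / count}


# "Network Scan" rules from the slide: antecedents are ANDed, consequent is a label.
Rule = Tuple[Dict[str, str], str]
SCAN_RULES: List[Rule] = [
    ({"COUNT": "LOW", "UNIQUENESS": "MED"}, "MED-LOW"),
    ({"COUNT": "MED", "UNIQUENESS": "LOW"}, "LOW"),
    ({"COUNT": "MED", "UNIQUENESS": "HIGH"}, "HIGH"),
]

# Representative crisp value of each output label (assumed) for defuzzification.
OUTPUT_CENTERS = {"LOW": 0.1, "MED-LOW": 0.3, "MED": 0.5, "MED-HIGH": 0.7, "HIGH": 0.9}


def evaluate(metrics: Dict[str, float], rules: List[Rule] = SCAN_RULES):
    """FTA step: fire the rules (AND = min) and defuzzify by weighted average.
    Returns (score in [0,1], label of the strongest rule or "NONE", firing strengths)."""
    fuzzy = {name: fuzzify(v) for name, v in metrics.items()}
    firing = [(cons, min(fuzzy[var][lab] for var, lab in ants.items())) for ants, cons in rules]
    total = sum(s for _, s in firing)
    if total == 0.0:
        return 0.0, "NONE", firing
    score = sum(OUTPUT_CENTERS[c] * s for c, s in firing) / total
    return score, max(firing, key=lambda cs: cs[1])[0], firing


def build_sample_packets() -> List[Packet]:
    """Constructed traffic: one host talking to two services, one host probing 25 ports."""
    normal = [Packet("10.0.0.5", "10.0.0.80", 40000 + i, 443) for i in range(20)]
    normal += [Packet("10.0.0.5", "10.0.0.81", 41000 + i, 80) for i in range(10)]
    probe = [Packet("192.0.2.10", "10.0.0.80", 50000 + p, p) for p in range(1, 26)]
    return normal + probe


if __name__ == "__main__":
    pkts = build_sample_packets()
    for host in ("10.0.0.5", "192.0.2.10"):
        m = sdp_metrics(pkts, host)
        score, label, _ = evaluate(m)
        print(f"{host}: COUNT={m['COUNT']:.0f} UNIQUENESS={m['UNIQUENESS']:.1f}% "
              f"-> Network Scan = {label} ({score:.2f})")
```

The host that keeps reusing two endpoints lands in the second rule (COUNT MED, UNIQUENESS LOW) and scores LOW; the host that touches 25 distinct ports has COUNT exactly at the MED peak and UNIQUENESS at 100%, so the third rule fires fully and the score is HIGH. The rule table is plain data, which is the point the FTA slide makes: adding a rule such as the DNS-scan one only requires another antecedent set and its own metrics, not new engine code. Because the slide does not fix the membership shapes or the scaling of UNIQUENESS, those choices decide where normal traffic sits on the axis and should be calibrated against the site's own historical mined data before the scores are trusted.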

12 Implementation example (4/4) System issues – Data collection interval – Define fuzzy variables – Data mining techniques – Fuzzy rules

13 Conclusion Intrusion detection with an element of fuzziness An expert system should be supported Real-time data mining issues

