Client: The Boeing Company. Contact: Mr. Nick Multari. Adviser: Dr. Thomas Daniels. Group 6: Steven Bromley, Jacob Gionet, Jon McKee, Brandon Reher.

Presentation transcript:

Slide 1: Title
Client: The Boeing Company
Contact: Mr. Nick Multari
Adviser: Dr. Thomas Daniels
Group 6: Steven Bromley, Jacob Gionet, Jon McKee, Brandon Reher

Slide 2: Problem Statement
- Research and validate existing algorithms, tools, and systems that can detect unauthorized data access and data movement
  - This approach will be limited to open source and freely available solutions that address the problem
- Develop our own toolset and algorithm that will use a user profile to detect unauthorized or abnormal data access and data movement

Slide 3: Conceptual Sketch

Slide 4: Functional Requirements
- Shall make use of pre-existing technologies
- Shall take input from a variety of sources and systems
- Shall correlate and filter relevant data
- Shall alert when malicious activity is discovered
- Shall have a system to provide notifications on alerts
- Shall contain an algorithm that decides whether an attack is being committed

Slide 5: Non-functional Requirements
- Shall have a low false-positive rate
- Shall be inconspicuous to the malicious user
- Shall provide alerts in a timely manner
- The product shall abide by all licenses of open source software utilized

Slide 6: Technical Constraints & Considerations
- The product shall be scalable to a network of up to 1000 machines
- The product shall have a low false-positive rate
- Data shall be obtained from Cyber Defense Competitions
- Data shall be obtained from activity scripts

Slide 7: Literature Survey
- Insider Threat Prediction Tool: Evaluating the probability of IT misuse
- Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector
- Composite Role-Based Monitoring (CRBM) for Countering Insider Threats

Slide 8: Potential Risks & Mitigation
Risk | Mitigation
No simulation data is found | Write activity scripts; continue search for data
High false positive results | Continue to refine decision algorithm
Miss malicious attacks | Continue to refine filtering algorithm

Slide 9: Time Estimate

Slide 10: Resource Estimate

Item | Team Hours | Cost
Research Materials | 180 | $0
Dell PowerEdge T410 (8) | 8 | $6,392
Linux Red Hat | 10 | $350
NetBSD | 10 | $0
Splunk | 3 | $0
Ettercap | 3 | $0
Apache | 2 | $0
MySQL | 2 | $0
PHP | 2 | $0
Totals | 220 | $6,742

Item | W/O Labor | W/ Labor
Research Materials | $0 | $3,600
Dell PowerEdge T410 (8) | $6,392 | $6,572
Linux Red Hat | $350 | $550
NetBSD | $0 | $200
Splunk | $0 | $60
Ettercap | $0 | $60
Apache | $0 | $20
MySQL | $0 | $40
PHP | $0 | $20
Algorithm | N/A | $6,000
Totals | $6,742 | $17,122

Slide 11: Project Milestones and Schedule
- Research options for threat detection: choice made on what methods will be used in the product
- Equipment has proper systems: all the systems of a LAMP architecture are installed on the machines allocated to the group
- Data is obtained: the group has large amounts of data that contain both outside and inside malicious attacks

Slide 12: Functional Decomposition
- Log Analyzer: gather logs from the different systems installed on the network, give them a standard format, and store them in a central repository
- Network Analyzer
- Profiling Algorithm: profile log information, look for anomalies in user profile activity, and raise alerts when malicious activity is detected

Slide 13: Functional Modules

Slide 14: Interface Definition

Slide 15: User Interface
- Installation Interface: trusted administrators will have an initial interface in which they can input trusted users and the access control lists
- Runtime Interface: normal users will have no interface to the system
- Alert Interface: trusted administrators will view alert details in the form of an e-mail message sent to the trusted administrator list
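The following Python sketch is an added example, not code from the presentation or the team's toolset. It combines the Profiling Algorithm of slide 12 (build a per-user profile from normalized logs, flag anomalies, raise alerts) with the trusted-user and access-control-list input of slide 15; the record layout, the ACL layout and the sample log records are all assumptions constructed for the example.

```python
from collections import defaultdict
# Constructed sample records in the log analyzer's standard format:
# (user, host, path, hour_of_day). The baseline period is assumed benign.
BASELINE = [
    ("alice", "eng01", "/srv/eng/specs", 9),
    ("alice", "eng01", "/srv/eng/specs", 14),
    ("bob", "fin01", "/srv/finance/ledger", 9),
    ("bob", "fin01", "/srv/finance/reports", 16),
]
# ACLs as entered by trusted administrators (assumed layout: user -> path prefixes).
ACL = {"alice": ("/srv/eng/",), "bob": ("/srv/finance/",)}

def build_profiles(records):
    """Summarise each user's usual hosts, paths and working-hour window."""
    acc = defaultdict(lambda: {"hosts": set(), "paths": set(), "hours": []})
    for user, host, path, hour in records:
        acc[user]["hosts"].add(host)
        acc[user]["paths"].add(path)
        acc[user]["hours"].append(hour)
    return {u: {"hosts": p["hosts"], "paths": p["paths"],
                "window": (min(p["hours"]), max(p["hours"]))}
            for u, p in acc.items()}

def explain(record, profiles, acl):
    """List the anomaly indicators one record triggers."""
    user, host, path, hour = record
    reasons = []
    if not path.startswith(acl.get(user, ())):  # empty tuple: nothing permitted
        reasons.append("acl-violation")         # hard policy breach
    p = profiles.get(user)
    if p is None:
        return reasons + ["unknown-user"]
    if host not in p["hosts"]:
        reasons.append("new-host")
    if path not in p["paths"]:
        reasons.append("new-path")
    lo, hi = p["window"]
    if not lo <= hour <= hi:
        reasons.append("off-hours")
    return reasons

def detect(records, profiles, acl, threshold=2):
    """Alert on any ACL violation, or when >= threshold soft indicators coincide."""
    alerts = []
    for rec in records:
        reasons = explain(rec, profiles, acl)
        if "acl-violation" in reasons or len(reasons) >= threshold:
            alerts.append((rec, reasons))
    return alerts
```

A single soft indicator (one new host, one new path, one unusual hour) stays quiet on purpose, which is the page's low false-positive requirement in code form; an ACL violation alerts regardless.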

Slide 16: Hardware Platform

Slide 17: Hardware Platform (cont.)
- Dell machines were profiled for the market survey due to their high market presence

Slide 18: Software Platform
- Operating Systems: NetBSD Version 2.6.0; Red Hat Enterprise Linux (RHEL) Version 6.0
- System Libraries: Apache, MySQL, PHP
- Third-Party Software: Ettercap, Snort, Splunk

Slide 19: Test Plan - Environment
- Test environment located on ISEAGE-provided computers
- Consists of a small-scale network designed to represent a scaled-down version of a generic enterprise network
- Focus is on the intranet traffic

Slide 20: Test Plan - Design
Scenario 1: Network Traffic
- Procedure: create controlled traffic on the network
- Compare the captured packets to the traffic created to determine if entire traffic sequences were captured
Scenario 2: Log Gathering
- Procedure: manually start the log gathering system to gather a known set of logs from predefined locations
- Compare the logs retrieved with the logs in the source location to determine if all logs were successfully collected

Slide 21: Test Plan - Design (cont.)
Scenario 3: Entire System
- Procedure: script various activity types, including malicious and legitimate activity
- Monitor generated alerts to verify that malicious and suspicious activities are the only events reported
- Measure the response time from activity to alert report
Scenario 5: Alert System
- Procedure: input the alert flag / trigger to the system to create an alert
- Monitor the reporting mechanism to verify that the alert is created successfully

Slide 22: Current Project Status
- Machine Setup: basic installation complete; non-interference with ISU network
- Data: detection method; location of data sources
- Literature & Market Survey
- Profiling Algorithm

Slide 23: Task Responsibility

Slide 24: Plan for Next Semester
- Setup and Configuration of Toolset
- Develop Profiling Algorithm: transform the abstract algorithm into a concrete program
- Testing and Modifications: extensive testing of components to ensure proper results are obtained
- Compile Report of Successes and Failures
