Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Detection of Emerging Threats to Computer Networks Andre McDonald.

Published byEmmeline Johnston Modified over 9 years ago

Similar presentations

Presentation on theme: "Automatic Detection of Emerging Threats to Computer Networks Andre McDonald."— Presentation transcript:

1 Automatic Detection of Emerging Threats to Computer Networks Andre McDonald

2 Overview of presentation The cybercrime problem –Background –Cybercrime in South Africa –Network vulnerabilities Network intrusion detection –The need for network intrusion detection –Network intrusion detection systems –Anomaly detection techniques CSIR research and development –Time series detection –Network intrusion detection software platform

3 The Cybercrime Problem

4 Background Cybercrime is any crime in which a computer is the object of the crime, or is used as a tool to commit an offence. Examples Fraud and financial crimes Identity theft and theft of classified information With a global impact of $388 bn per year, cybercrime is bigger than the global black market in marijuana, cocaine and heroin combined ($288 bn), and more than 100 times the annual expenditure of UNICEF ($3.7 bn).

5 Cybercrime in South Africa Challenges in the local context SMMEs with small ICT budgets Local skills shortage and lack of awareness 2014 statistics for cybercrime in South Africa Estimated cost to SA companiesR 5.8 billion, 0.14% GDP Average delay in detecting breach200 days Online adult South Africans exposed to cybercrime 55% Global ranking in cybercrime exposure3 rd, after Russia and China Estimated rate of “phishing” attacks1 in 215 email messages

6 Network vulnerabilities Cybercrime frequently involves illegitimate access to networked computer systems, or their abuse Networked systems are vulnerable –Weak passwords –Mobile devices and BYOD policies –Outdated software and misconfiguration –Unencrypted transmission of information Emerging threats and previously unobserved attacks are of particular concern –Rapid threat propagation and slow reaction –Threat signatures unavailable or not up to date

7 Network Intrusion Detection

8 The need for network intrusion detection Automatic detection of network intrusions is required as an additional security layer Timely detection and blocking of intrusions in their early phases may limit the scope of the damage

9 Network intrusion detection systems Network Intrusion Detection Systems (NIDS): Hardware or software systems for automatically detecting intrusions in computer networks

10 Detection approaches Misuse detection Select predefined signatures of known malicious traffic patterns Compare observed traffic to signatures Low false positive rate, but cannot detect previously unobserved attacks Anomaly detection Construct models of legitimate traffic patterns Observed traffic that deviates from models are tagged as malicious Can detect certain previously unobserved attacks, but typically exhibits high false positive rates

11 Anomaly detection techniques Statistical techniques Univariate / multivariate models Time series detection –Filtering and thresholding Machine learning techniques Supervised learning –SVMs, neural networks Unsupervised learning –Clustering, outlier detection

12 Anomaly detection techniques Statistical techniques Adaptive and online model construction Can potentially be trained by attacker Rapid detection implies more false positives Machine learning techniques Ability to detect more intricate attacks Heavy data pre-processing burden Supervised learning requires labelled data Accuracy Speed ` Machine learning tech. Statistical tech.

13 CSIR Research and Development

14 CSIR anomaly detection research and development Statistical time series based detectors Two-stage detection Multi-resolution detection Unsupervised machine learning based detectors Unsupervised feature selection to address lack of labelled data Network intrusion detection software platform development Deployment and configuration of sensors and detectors Monitoring of network traffic patterns Incident logging and analysis Suppression of false positives

15 Time series detection: Example

16 Time series detection: Proposed two-stage detector Second stage performs finer-grained detection to suppress false positives Second stage algorithm triggers only upon threshold crossing in first stage detector Candidate algorithms for stage 2: –Spectral-based detector –Inter-arrival time detector Conventional time series detection Finer-grained detection Stage 1 Stage 2

17 Time series detection: Proposed two-stage detector Left window density estimation Right window density estimation Divergence metric calculation Thresholding

18 Time series detection: Experimental work Detection of denial-of-service attack against web server Corporate network with compromised workstations Compromised workstation floods web server with requests, denying legitimate users access to the website

19 Time series detection: Experimental work

20 Time series detection: Experimental work StageAlgorithm / ParameterValue 1DetectionExponentially-weighted moving average 1Bin width2 seconds 2Density estimationGaussian kernel, Silverman’s heuristic over logarithm of request interarrival time 2Divergence metricSymmetric Kullback-Leibler divergence 2Window width31 requests

21 Time series detection: Experimental results

22 Thank you

Download ppt "Automatic Detection of Emerging Threats to Computer Networks Andre McDonald."

Similar presentations

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
IDS/IPS Definition and Classification

IDS/IPS Definition and Classification
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
NETWORK SECURITY.

NETWORK SECURITY.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Department Of Computer Engineering

Department Of Computer Engineering

Similar presentations

Ads by Google