Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Blackboard-Based Learning Intrusion Detection System: A New Approach

Published byDiana Walsh Modified over 8 years ago

Similar presentations

Presentation on theme: "A Blackboard-Based Learning Intrusion Detection System: A New Approach"— Presentation transcript:

1 A Blackboard-Based Learning Intrusion Detection System: A New Approach
Presented by: Preeti Anday Dept of Computer & Information Sciences University of Delaware

2 What is a blackboard?

3 Blackboard Architecture
KS Controller Knowledge Sources (KS)

4 What is an IDS? An intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations.

5 Intrusion Detection Anomaly Detection Misuse Detection

6 Intrusion Detection Based on Network system area they audit:
Host based Security system that is detecting inside abuses in a computer system Network based Capable of identifying abusive uses or attempts of unauthorized usage of the computer network from outside the system

7 Prior Approaches Rule based analysis: Predefined rule set
Expert systems Drawbacks Inability to detect attack scenarios Lack flexibility Variations in the attack sequence reduce effectiveness of the system

8 Common Types Of Malicious Attacks
Denial-of-service Attack (DoS) Guessing rlogin Attack Scanning Attack

9 Autonomous Agents What are Autonomous agents?
Software agents that perform certain security monitoring functions at the host Independent entities Have minimal overhead and can resist subversion Dynamically reconfigurable, scalable and easily adaptable Degrade gracefully

10 Learning Intrusion Detection System Architecture

11 Tier 1 Contains autonomous agents required for initial alert feature,
A1: Network reader Collects network data with the help of a program called tcpdump Pastes them on the blackboard A2: Initial Analyzer Calls a rule based classifier that is written as a dll in C++ A3: Display/Output agent Reports the initial analysis to the user

12 Tier 2 Contains agents that analyze the system specific information,
A4: System reader Gathers system specific information on the protected system Posts it on the blackboard A5: Attack classifier Identifies different subclasses of intrusions present in the network Send information from blackboard to the classifier which performs the diagnosis and posts the results on the Blackboard

13 Tier 2 contd. Memory usage Number of connections Connection attempts
The information gathered in A4 includes, Available network bandwidth CPU Usage Network packets Memory usage Number of connections Connection attempts Protocol Packet length

14 Tier 2 contd. The classifier used in A5 is a micro genetic algorithm based classifier that uses the multiple fault diagnosis concept to perform the necessary function. The result states what of attack is present and what is its probability of presence in the data set. The genetic algorithm is capable of determining the sub-classifications of attacks.

15 Tier 3 Contains autonomous agents that give full details of the attacks A6: Analyzer with ANN Analyzes information Decides which type of ANN will be useful for further analysis If the analysis finds no attack in the dataset, the agent flags the dataset as false positive alarm

16 Tier 3 A7: Teaching agent Updates the rule set of A2
A8: Report generation Displays a complete report of the analysis to the user Since the agents are autonomous, a control pattern is included to ensure that each agent gets at least one chance to look at the blackboard in one process cycle.

17 Questions

Download ppt "A Blackboard-Based Learning Intrusion Detection System: A New Approach"

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
1 Advances in Network Security Case Study: Intrusion Detection Max Lakshtanov Comp 529T 7-10.

1 Advances in Network Security Case Study: Intrusion Detection Max Lakshtanov Comp 529T 7-10.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.
Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (http://www.cs.umn.edu/Ajanta/publications.html)http://www.cs.umn.edu/Ajanta/publications.html.

Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Bro: A System for Detecting Network Intruders in Real-Time Presented by Zachary Schneirov CS 395-0 Professor Yan Chen.

Bro: A System for Detecting Network Intruders in Real-Time Presented by Zachary Schneirov CS Professor Yan Chen.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.

Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.

Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Department Of Computer Engineering

Department Of Computer Engineering

Similar presentations

Ads by Google