
Anomaly Detection. Network Intrusion Detection Techniques. Ştefan-Iulian Handra Dept. of Computer Science Polytechnic University of Timișoara June 2010.

Presentation transcript:

1 Anomaly Detection. Network Intrusion Detection Techniques. Ştefan-Iulian Handra, Dept. of Computer Science, Polytechnic University of Timișoara, June 2010

2 Contents
1. Introduction
2. Network intrusion detection data mining
3. Accuracy, efficiency and usability
4. Filtering and refinement
5. Conclusions
Ştefan-Iulian Handra 1/9 Anomaly Detection. Network Intrusion Detection Techniques

3 1. Introduction
Anomaly detection: detecting patterns in a given data set that do not conform to an established normal behavior.
Intrusion detection: the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource; it combines anomaly detection (IDES) and misuse detection (IDIOT, STAT).

4 2. Network intrusion detection data mining
Classic approach:
- the key signature of a past attack is introduced manually
- no defense against future attacks that have a new signature
- rapidly increasing data sets impose a processing limit
- updating the intrusion detection models is too costly and slow

5 2. Network intrusion detection data mining
The answer: intrusion detection based on data mining.
Examples:
- Nearest Neighbor (NN)
- Density Based Local Outliers (LOF)
- unsupervised Support Vector Machines (SVM)
Weak points:
- higher false positive rates than classic techniques
- training and evaluation time is high
- most of the processing is spent on normal instances

6 3. Accuracy, efficiency and usability
Improvement key points:
- Accuracy: use data mining to analyze audit data, generate artificial anomalies (DBA2)
- Efficiency: better algorithms that produce models with low cost and high accuracy; prioritization of computed features by level
- Usability: adaptive learning, incremental updates of models

7 4. Filtering and refinement
Proposed by Xiao Yu, Lu An Tang, Jiawei Han.
A two-phase hybrid method for processing data:
A. Filtering stage
B. Refinement stage

8 4. Filtering and refinement
A. Filtering stage
- Excludes normal instances from the data set
- Generates the optimal dimension based on tests:
  - on dimension level
  - on attribute level
- Partitions with a high number of instances are clusters of normal instances
- Partitions with a small number of instances are probably anomalies

9 4. Filtering and refinement
B. Refinement stage
- Can use traditional refinement methods (KNN)
- Categorizes instances into four categories:
  - Unique instances (Tg>>, Tl>>)
  - Abnormal clusters (Tg>>, Tl>, Tl<<)
  - Edge points (Tg>)
  - Normal instances (Tg<<, Tl<<)
Tl: isolation degree of an instance
Tg: isolation distance to normal instance clusters
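The two stages on slides 8 and 9 as a runnable toy, added here as an illustration; it is not the code of Yu, Tang and Han or of the presenter. The grid partitioning used as the filter, the kNN-based estimate of Tl, the centroid-distance estimate of Tg, the sample points and all thresholds are assumptions chosen for the example. The payoff to notice is that only the six points surviving the cheap filter ever reach the distance computations of the refinement stage.

```python
# Toy two-stage (filter, then refine) anomaly detector.
# Added illustration, not the authors' code: the grid partitioning,
# the kNN estimate of Tl, the centroid-distance estimate of Tg and
# all thresholds below are the editor's assumptions.
import math
from collections import defaultdict
from math import dist

# Constructed sample: 2-D feature vectors per connection, e.g.
# (connections per minute, kilobytes per connection), scaled to 0..10.
NORMAL_CLUSTER = [(round(2.0 + 0.1 * i, 1), round(3.0 + 0.1 * j, 1))
                  for i in range(6) for j in range(6)]               # 36 dense points
ABNORMAL_CLUSTER = [(8.0, 8.0), (8.1, 8.0), (8.0, 8.1), (8.1, 8.1)]  # small, far away
UNIQUE_POINT = (9.0, 1.0)                                            # isolated from everything
EDGE_POINT = (3.1, 3.7)                                              # just outside the normal cluster
SAMPLE = NORMAL_CLUSTER + ABNORMAL_CLUSTER + [UNIQUE_POINT, EDGE_POINT]


def filter_stage(points, cell_width=1.0, min_cell_size=10):
    """Partition the attribute space into grid cells of `cell_width`.
    Cells holding at least `min_cell_size` points are treated as normal
    clusters and excluded from refinement; everything else is a candidate.
    Returns (normal_points, candidates, normal_centroids)."""
    cells = defaultdict(list)
    for p in points:
        key = tuple(math.floor(v / cell_width) for v in p)
        cells[key].append(p)
    normal, candidates, centroids = [], [], []
    for members in cells.values():
        if len(members) >= min_cell_size:
            normal.extend(members)
            centroids.append(tuple(sum(c) / len(members) for c in zip(*members)))
        else:
            candidates.extend(members)
    return normal, candidates, centroids


def isolation_degree(p, points, k=3):
    """Tl: mean distance to the k nearest other instances (kNN-style)."""
    nearest = sorted(dist(p, q) for q in points if q != p)[:k]
    return sum(nearest) / len(nearest)


def isolation_distance(p, centroids):
    """Tg: distance from p to the closest normal-cluster centroid."""
    return min(dist(p, c) for c in centroids) if centroids else math.inf


def categorize(tg, tl, t_high=3.0, t_low=0.5):
    """Map (Tg, Tl) to the four slide categories (threshold ordering assumed)."""
    if tg >= t_high and tl >= t_high:
        return "unique"            # far from normal data and from everything else
    if tg >= t_high:
        return "abnormal cluster"  # far from normal data but has close neighbours
    if tg >= t_low:
        return "edge"              # moderately far: boundary of a normal cluster
    return "normal"


def detect(points):
    """Run both stages; returns {point: category}."""
    normal, candidates, centroids = filter_stage(points)
    labels = {p: "normal" for p in normal}
    for p in candidates:  # only survivors of the filter reach the costly stage
        labels[p] = categorize(isolation_distance(p, centroids),
                               isolation_degree(p, points))
    return labels


if __name__ == "__main__":
    for point, label in detect(SAMPLE).items():
        if label != "normal":
            print(point, "->", label)
```

With the sample above the filter keeps 36 points as normal and forwards 6 candidates; refinement labels the isolated point "unique", the four clustered far points "abnormal cluster" and the point next to the normal cluster "edge". Tuning `min_cell_size` too low sends more normal points into the refinement stage (cost), tuning it too high can swallow a small abnormal cluster into a "normal" cell (missed detection); that trade-off is the usability point of the slides.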

10 5. Conclusions
- network intrusion detection techniques will evolve with the help of data mining approaches
- accuracy, efficiency and usability are the keys to a detection system that satisfies real-time constraints
- detection systems must move their focus from processing normal instances to the anomalies
- the filtering stage is crucial to leave the detection algorithm a simple processing task

11 References
- Xiao Yu, Lu An Tang, Jiawei Han. “Filtering and Refinement: A Two-Stage Approach for Efficient and Effective Anomaly Detection.” In Ninth IEEE International Conference on Data Mining, 2009.
- P. Dokas, L. Ertoz, V. Kumar, A. Lazarevic, J. Srivastava, and P.-N. Tan. “Data Mining for Network Intrusion Detection.” Proc. NSF Workshop on Next Generation Data Mining, Baltimore, MD, 2002.
- S. Kumar and E. H. Spafford. “A Software Architecture to Support Misuse Intrusion Detection.” In Proceedings of the 18th National Information Security Conference, pages 194–204, 1995.

12 Thank you for your attention! Ştefan-Iulian Handra, June 2010

