
The Utilization of Artificial Intelligence in a Hybrid Intrusion Detection System Authors : Martin Botha, Rossouw von Solms, Kent Perry, Edwin Loubser.


Slide 1: The Utilization of Artificial Intelligence in a Hybrid Intrusion Detection System
Authors: Martin Botha, Rossouw von Solms, Kent Perry, Edwin Loubser and George Yamoyany
Source: Proceedings of the 2002 Annual Research Conference of the South African Institute for Computer Scientists and Information Technologists (SAICSIT), pp. 149-155, September 2002
Speaker: Chien-Jen Hsueh
Date: 2005/12/06

Slide 2: Outline
- Introduction
- Intrusion Detection System (IDS)
  - IDS and overview of current IDS
  - Problems of IDS
- Fuzzy application
  - Generic Hybrid Intrusion Identification Strategy
  - Three independent computational components
  - Next Generation Proactive Identification Model (NeGPAIM)
- Conclusions
- Comments

Slide 3: Introduction
- Computer security is gaining importance
  - The environment changes fast
  - Information has become a precious asset
  - Security requirements are increasing (e.g. the 2001 CSI/FBI Computer Crime & Security Survey)
- More powerful security technology is needed; new techniques include
  - Neural networks
  - Fuzzy engines

Slide 4: Intrusion Detection System
- IDS and overview of current IDS
  - A process of intelligently monitoring events and analysing them for signs of violations and attempts to compromise security components
  - Consists of three functional components
    - Information source: provides a stream of event records
    - Analysis engine: finds signs of intrusions
    - Response component: generates reactions based on the outcome of the analysis engine

Slide 5: Problems of IDS: Analyses
- Two approaches to the analysis engine
  - Misuse detection
    - Detects intrusions that follow well-known patterns of attack
    - Primary limitation of this approach: it looks only for known weaknesses, so it may be of little use in detecting unknown future intrusions
  - Anomaly detection
    - Uses statistical techniques to find patterns that are abnormal
    - Main problems of this approach: it tends to be computationally expensive, and it may be trained incorrectly to recognise intrusive behaviour when the available data are insufficient
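To make the two limitations on this slide concrete, here is an added illustration (not code from the paper or the presentation): a toy misuse detector that only knows one signature and a toy anomaly detector that profiles each user's action verbs. The event records, the signature table and the training profiles are all constructed for the example. Run over the same events, the misuse detector misses the user running an unsigned tool, while the anomaly detector catches that user but also flags a benign user for whom it has no training data at all.

```python
import re
from collections import Counter, defaultdict

# Constructed event records for the illustration (not real logs): (user, action).
EVENTS = [
    ("alice", "login ok"),
    ("alice", "read /srv/docs/plan.txt"),
    ("bob", "login failed"), ("bob", "login failed"), ("bob", "login failed"),
    ("bob", "login failed"), ("bob", "login failed"), ("bob", "login failed"),
    ("carol", "login ok"),
    ("carol", "exec /tmp/.payload"),   # a tool no signature describes
    ("carol", "exec /tmp/.payload"),
    ("dave", "login ok"),              # benign user with no training history
    ("dave", "read /srv/docs/faq.txt"),
]

# Misuse detection: a fixed table of known attack patterns.
# name -> (regular expression over the action text, hits needed to alert)
SIGNATURES = {
    "brute-force": (re.compile(r"^login failed$"), 5),
}

def misuse_detect(events, signatures=SIGNATURES):
    """Return {user: [signature names]} for users whose actions matched a
    signature often enough. Behaviour with no signature is simply invisible."""
    hits = defaultdict(Counter)
    for user, action in events:
        for name, (pattern, _min_hits) in signatures.items():
            if pattern.search(action):
                hits[user][name] += 1
    alerts = {}
    for user, counter in hits.items():
        fired = sorted(name for name, count in counter.items()
                       if count >= signatures[name][1])
        if fired:
            alerts[user] = fired
    return alerts

# Anomaly detection: per-user profile of action verbs seen during training
# (constructed; in practice this is learned from historical records).
TRAINING = {
    "alice": ["login", "read", "read", "login"],
    "bob":   ["login", "login", "read"],
    "carol": ["login", "read"],
    # "dave" has no history at all: the insufficient-data case
}

def anomaly_detect(events, training=TRAINING, threshold=0.5):
    """Return {user: anomaly score} for users whose fraction of action verbs
    outside their training profile exceeds `threshold`."""
    observed = defaultdict(list)
    for user, action in events:
        observed[user].append(action.split()[0])
    flagged = {}
    for user, verbs in observed.items():
        known = set(training.get(user, []))
        unseen = sum(1 for verb in verbs if verb not in known)
        score = unseen / len(verbs)
        if score > threshold:
            flagged[user] = round(score, 2)
    return flagged

if __name__ == "__main__":
    print("misuse  :", misuse_detect(EVENTS))    # bob only; carol is missed
    print("anomaly :", anomaly_detect(EVENTS))   # carol, but also dave (false positive)
```

The misuse detector's blind spot is structural: carol's activity never touches a signature, so no amount of tuning the hit count finds it. The anomaly detector's false positive on dave is the data problem from the slide: with an empty profile every action is "unseen", and the only remedy is more representative training data, not a different threshold.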

Slide 6: IDS Problems
- Most current commercial IDS (CIDS) are based on the misuse detection approach, which makes them highly ineffective because
  - Intruders do not match the known attack patterns of the CIDS
  - Adding new attack patterns is time consuming
  - Attacks are difficult for the IDS to identify effectively due to insufficient data

Slide 7: Fuzzy Application
- Generic Hybrid Intrusion Identification Strategy
  - The hybrid system idea can be used to improve the monitoring functionality of current IDS
  - Three independent computational components
    - Central analysis engine
    - Fuzzy engine
    - Neural engine

Slide 8: Generic Hybrid Intrusion Identification Strategy
[Figure: architecture of the generic hybrid intrusion identification strategy; the fuzzy engine is the component that implements the misuse detection approach]

Slide 9: Fuzzy Engine and Fuzzy Logic
- Fuzzy engine
  - Implements the misuse detection approach based on fuzzy logic
  - Fuzzy logic is a superset of Boolean logic, extended to handle the concept of partial truth
  - Provides a more effective monitoring functionality: it will not require regular updates for new intrusion attacks
[Figure: truth values ranging from completely false to completely true]

Slide 10: Fuzzy Logic Application
- Two graphs are developed using fuzzy logic
  - They compare the generic intrusion phases with the actions of an intruder, thereby predicting patterns of misuse
  - The template graph represents the six generic intrusion phases
  - The user action graph represents the actual actions of the intruder
  - Mapping the two graphs makes it possible to determine patterns of misuse

Slide 11: Template Graphs
[Figure: template graphs, used to represent the six generic intrusion phases]

Slide 12: User Action Graph
[Figure: user action graph, representing the actual actions of the misuse]

Slide 13: Mapping of Graphs and the Functions
- The output of the mapping is a numeric value
- It is used by the central strategy engine to determine whether an intruder is carrying out an intrusion attack

Slide 14: Next Generation Proactive Identification Model (NeGPAIM)
- Based on the Hybrid Intrusion Identification Strategy
- Consists of nine major components: Information Provider, Collector, Coupler, Information Refiner, Neural Engine, Fuzzy Engine, Central Analysis Engine, Responder and Manager
- All components reside on a 3-tier architecture: client, external host and internal host

Slide 15: Fuzzy Engine
- One of the two low-level processing units of NeGPAIM
- Used to determine whether an intruder is carrying out an intrusion attack
  - Computes a template graph and a user action graph for each user
  - Maps the two graphs and notifies the central analysis engine with an intrusion value
  - Performed on a continuous basis
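Slides 9, 10, 13 and 15 describe the fuzzy engine's pipeline (partial-truth membership, a template graph of six phases, a user action graph, a mapping that yields one intrusion value for the central engine) without showing the graphs themselves. The following is an added example of that pipeline, not code from the paper or from the IFEP prototype. Everything in it is an assumption made for illustration: the phase labels (the slides do not name the six phases), the template weights, the action-to-phase membership table and the triangular fuzzy sets used to turn the intrusion value into a verdict.

```python
# Six generic intrusion phases. The slides do not name them, so these labels are
# hypothetical and used only to make the example concrete.
PHASES = ["probe", "gain_access", "escalate", "establish", "exploit", "cover"]

# Template graph (constructed): how much reaching each phase contributes to the
# intrusion value. Weights sum to 1 so the output stays in [0, 1].
TEMPLATE = {"probe": 0.10, "gain_access": 0.20, "escalate": 0.25,
            "establish": 0.15, "exploit": 0.20, "cover": 0.10}

# Fuzzy membership (constructed) of each action category in each phase.
# A degree strictly between 0 and 1 is the "partial truth" of slide 9: reading a
# configuration file is mostly probing but partly preparation for escalation.
ACTION_MEMBERSHIP = {
    "port_scan":    {"probe": 1.0},
    "failed_login": {"probe": 0.4, "gain_access": 0.6},
    "login":        {"gain_access": 0.3},
    "read_config":  {"probe": 0.5, "escalate": 0.3},
    "sudo":         {"escalate": 0.9},
    "add_cron":     {"establish": 0.9},
    "copy_db":      {"exploit": 1.0},
    "clear_log":    {"cover": 1.0},
}

def user_action_graph(actions):
    """Build the user action graph: for each phase, the degree to which the
    user's actions so far belong to it (fuzzy OR, i.e. max over the actions).
    Actions with no membership entry contribute nothing instead of raising."""
    graph = {phase: 0.0 for phase in PHASES}
    for action in actions:
        for phase, degree in ACTION_MEMBERSHIP.get(action, {}).items():
            graph[phase] = max(graph[phase], degree)
    return graph

def map_graphs(graph, template=TEMPLATE):
    """Map the user action graph onto the template graph and return the single
    numeric intrusion value the central analysis engine consumes."""
    return round(sum(template[phase] * graph[phase] for phase in PHASES), 3)

def triangle(x, left, peak, right):
    """Triangular fuzzy membership function over a scalar."""
    if x <= left or x >= right:
        return 0.0
    if x == peak:
        return 1.0
    return (x - left) / (peak - left) if x < peak else (right - x) / (right - peak)

# Fuzzy sets (constructed) over the intrusion value, standing in for the
# decision the central analysis engine makes on the number it receives.
VERDICT_SETS = {"low": (-0.4, 0.0, 0.4),
                "suspicious": (0.2, 0.5, 0.8),
                "intrusion": (0.5, 0.9, 1.3)}

def verdict(intrusion_value, sets=VERDICT_SETS):
    """Linguistic label with the highest membership for the given value."""
    memberships = {label: triangle(intrusion_value, *abc) for label, abc in sets.items()}
    return max(memberships, key=memberships.get)

def analyse(actions):
    """One fuzzy-engine pass for one user: (intrusion value, verdict)."""
    value = map_graphs(user_action_graph(actions))
    return value, verdict(value)

if __name__ == "__main__":
    admin = ["login", "read_config"]
    intruder = ["port_scan", "failed_login", "failed_login", "login",
                "sudo", "copy_db", "clear_log"]
    print("admin   :", analyse(admin))     # (0.185, 'low')
    print("intruder:", analyse(intruder))  # (0.745, 'intrusion')
```

Two properties of the slides show up directly. The "continuous basis" of slide 15 is just calling `analyse` again on the user's growing action list, so a session can be cut off as soon as the verdict crosses into the intrusion set rather than after the final phase. And the "no regular updates" claim of slide 9 rests on the membership table describing categories of resource misuse rather than specific attacks: a new tool still has to be assigned to a category, but no per-attack signature is written, and an action the table has never seen degrades to a contribution of zero rather than an error.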

Slide 16: General Representation of NeGPAIM
[Figure: general representation of NeGPAIM]

Slide 17: Practical Implementation of NeGPAIM
- Implementing Fuzzy Engine Prototype (IFEP)
  - An initial prototype to test the feasibility of the model
  - Only the fuzzy engine was implemented, developed using the CLIPS development software
  - Tested by way of several independent case studies: IFEP was successful in performing misuse detection

Slide 18: Conclusions
- NeGPAIM provides a stronger detection approach: it monitors and identifies intrusions proactively and dynamically
  - Example: an attacker whose objective is to steal credit card information can be identified at an early stage and the attack session disconnected
- The fuzzy engine implements misuse detection, but differs from current misuse detection systems
  - It does not search for a particular pattern of attack
  - It searches for general misuse of resources and objects
- The information security officer is still needed

Slide 19: Comments
- Fuzzy logic and fuzzy engines may be useful in other security techniques: authentication, key distribution, ...
- Combine with other AI concepts: neural engines, intelligent agents, ...
- Fuzzy logic could be used in Digital Rights Management

Slide 20: Thank you for listening
Fuzzy theory report by Chien-Jen Hsueh, December 2005

