Ariu - Workshop on Applications of Pattern Analysis

Transcript of "Ariu - Workshop on Applications of Pattern Analysis"

  1. HMMPayl: an application of HMM to the analysis of the HTTP payload
     Davide Ariu (davide.ariu@diee.unica.it) - Giorgio Giacinto (giacinto@diee.unica.it)
     Dept. of Electrical and Electronic Engineering, University of Cagliari - Italy

     Anomaly detection for Computer Security
       • Traditionally, Intrusion Detection Systems (IDS) are based on a database of signatures that describe known attacks. Problem: never-seen-before attacks cannot be detected!!!
       • Anomaly-based IDS use a statistical model of the legitimate patterns. Any pattern whose statistical model deviates from that stored in the system is labeled as an attack. Advantage: zero-day attacks can be detected!!!

     HTTP Payload analysis
       • The analysis of the byte distribution in the HTTP payload of requests toward a web server makes it possible to detect attacks against the web server.
       • Several solutions based on this approach (e.g. PAYL [1], McPAD [2]) have been proposed, but they suffer from limitations due to:
           • Too large a feature space
           • Coarse representation of the payload

     [1] K. Wang et al., "Anomalous Payload-Based Network Intrusion Detection", RAID, 2004.
     [2] R. Perdisci et al., "McPAD: A multiple classifier system for accurate payload-based anomaly detection", Computer Networks, 2009.

     WAPA 2010 - Workshop on Applications of Pattern Analysis
     Pattern Recognition and Applications Group - http://prag.diee.unica.it
     This research was sponsored by the Autonomous Region of Sardinia through a grant financed with the "Sardinia PO FSE 2007-2013" funds and provided according to the L.R. 7/2007.
  2. HMMPayl: a simplified scheme (figure)
  3. Experimental Results and Conclusions
       1 - Increased Classification Accuracy
       2 - Benefits of the MCS approach
       3 - Possibility of reducing the computational cost
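
The byte-distribution approach named on the first slide, shown as an added example that is not taken from the poster or from the PAYL, McPAD or HMMPayl code: a 1-gram model in the style of PAYL (per-byte mean and standard deviation, scored with a simplified Mahalanobis distance). The sample requests, the `alpha` smoothing value and the 1.5x threshold margin are constructed assumptions; the shuffled request scores exactly like the original, which is the "coarse representation of the payload" limitation in practice.

```python
import math
from collections import Counter

def byte_freq(payload: bytes) -> list:
    """Relative frequency of each of the 256 byte values (1-gram features)."""
    counts = Counter(payload)
    total = len(payload) or 1
    return [counts.get(b, 0) / total for b in range(256)]

class ByteDistributionModel:
    """Per-byte mean and standard deviation learned from legitimate payloads."""

    def __init__(self, alpha: float = 0.001):
        self.alpha = alpha            # smoothing term, avoids division by zero
        self.mean = [0.0] * 256
        self.std = [0.0] * 256
        self.threshold = 0.0

    def fit(self, payloads):
        vectors = [byte_freq(p) for p in payloads]
        n = len(vectors)
        for i in range(256):
            column = [v[i] for v in vectors]
            m = sum(column) / n
            self.mean[i] = m
            self.std[i] = math.sqrt(sum((x - m) ** 2 for x in column) / n)
        # Assumption: training traffic is attack-free, so the alert threshold
        # is set at 1.5x the worst score seen during training.
        self.threshold = 1.5 * max(self.score(p) for p in payloads)
        return self

    def score(self, payload: bytes) -> float:
        """Simplified Mahalanobis distance from the legitimate profile."""
        x = byte_freq(payload)
        return sum(abs(x[i] - self.mean[i]) / (self.std[i] + self.alpha)
                   for i in range(256))

    def is_anomalous(self, payload: bytes) -> bool:
        return self.score(payload) > self.threshold

# Constructed sample requests (not from the poster's data set).
TRAIN = [b"GET /index.html HTTP/1.1", b"GET /images/logo.png HTTP/1.1",
         b"GET /search?q=pattern+analysis HTTP/1.1",
         b"GET /products/list?page=2 HTTP/1.1", b"GET /about/contact.html HTTP/1.1"]
NORMAL = b"GET /images/list.html HTTP/1.1"
ODD = b"GET /search?q=" + b"\xfe" * 60 + b" HTTP/1.1"  # byte mix unlike training
SHUFFLED = bytes(sorted(NORMAL))                      # same bytes, order destroyed
MODEL = ByteDistributionModel().fit(TRAIN)

if __name__ == "__main__":
    for name, p in [("normal", NORMAL), ("odd", ODD), ("shuffled", SHUFFLED)]:
        print(f"{name:9s} score={MODEL.score(p):8.2f} anomalous={MODEL.is_anomalous(p)}")
```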