University of Cagliari, Department of Electric and Electronic Engineering

A modular architecture for the analysis of HTTP payloads based on Multiple Classifiers

Davide Ariu (davide.ariu@diee.unica.it), Giorgio Giacinto (giacinto@diee.unica.it)

Naples, 17 June 2011

Pattern Recognition and Applications Group, http://prag.diee.unica.it
This research was sponsored by the Autonomous Region of Sardinia through a grant financed with the "Sardinia PO FSE 2007-2013" funds and provided according to the L.R. 7/2007.
Outline
•  Motivations
•  The proposed system
•  Experimental Setup and Results
•  Conclusions
The objective
Design of an anomaly-based Intrusion Detection System for the protection of web servers and web applications: the HTTP traffic toward the web servers is inspected by a multiple classifier system.
Why Web Applications?

Why Anomaly Detection?
A legitimate payload

Request line:
GET /pra/ita/home.php HTTP/1.1

Request headers:
Host: prag.diee.unica.it
Accept: text/*, text/html
User-Agent: Mozilla/4.0
...and some attacks
•  Long-request buffer overflow
   HEAD / aaaaaaa…aaaaaaaaaaaa
•  URL-decoding error
   GET /d/winnt/sys32/cmd.exe?/c+dir HTTP/1.0
   Host: www
   Connection: close
Why Payload Analysis?
•  Detection of web-based attacks can be based on the
   –  Analysis of the Request-Line only
      •  Allows detecting only attacks that exploit input-validation flaws,
         e.g. Spectrogram [Song,2009], HMM-Web [Corona,2009]
   –  Analysis of the whole HTTP payload
      •  Takes into account the whole HTTP request (request line and headers),
         and thus it can (in principle) detect any kind of attack carried by the request
State of the art - Payload Analysis
•  PAYL [Wang,2004]
   –  n-gram byte statistics of the payload
•  McPAD [Perdisci,2009]
   –  Ensemble of one-class SVMs trained on 2ν-grams (pairs of bytes ν positions apart)
•  Spectrogram [Song,2009]
   –  Mixture of Markov chains to analyze the Request-Line
•  HMMPayl [Ariu,2011]
   –  Ensemble of HMMs to analyze the sequences of bytes of the whole payload
None of the above techniques models the structure of the payload (request line and individual headers).
The proposed system - Basic idea
•  We propose to take into account the structure of HTTP payloads
   –  For each line of the payload (the request line and each header), an ensemble of HMMs models the sequence of bytes.
   –  The final decision is obtained by using the HMM outputs as features: the payload is classified by a one-class classifier trained on the outputs of the HMM ensembles.
The proposed system - A scheme

Example payload (the input of the scheme):
GET /pra/index.php HTTP/1.1
Host: prag.diee.unica.it
User-Agent: Mozilla/5.0
Accept-Encoding: gzip, deflate

Each line of the payload is routed to the HMM ensemble trained for that field (Request-Line, Host, User-Agent, Accept-Encoding, Accept-Language, ...) and each ensemble emits one score. In the figure the ensembles output values such as 0.62, 0.53, 0.49 and 0.34, while the Accept-Language ensemble outputs -1 because that header is absent from the request. The vector of ensemble outputs is the input of the one-class classifier (the IDS decision stage), whose output is an anomaly score or a class label.
Missing Features
•  A request typically does not contain all the headers modelled by the system
   –  Training phase: the feature of a missing header is set to the average value of that feature
   –  Testing phase: the feature of a missing header is set to -1
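The pipeline of the two slides above, as an added example that is not code from the original presentation: parse the request head, score each field with its own byte-sequence model, apply the missing-feature rule (field average at training time, -1 at test time) and feed the score vector to a one-class classifier. The HMM ensembles are replaced here by first-order byte Markov chains, the classifier is a Gaussian with diagonal covariance, and the field list, smoothing constant, sigma floor, threshold and training traffic are constructed assumptions; the two attack requests reproduce the slides' examples, with the padding length of the long request chosen here.

```python
"""Added example: per-field byte models for the HTTP request head, the slides'
missing-feature rule (training: field average, test: -1) and a one-class Gaussian with
diagonal covariance on the score vector. Byte Markov chains stand in for the HMM ensembles."""
import math
from collections import defaultdict

FIELDS = ("request-line", "host", "accept", "user-agent", "accept-encoding")
MISSING_AT_TEST = -1.0  # slides: a header absent at test time scores -1
SMOOTHING_K = 0.01      # add-k smoothing over the 256 byte values (assumption)
SIGMA_FLOOR = 0.05      # no zero variance for constant fields (assumption)
THRESHOLD = 3.0         # RMS z-score above which a request is flagged (assumption)


def parse_request(raw):
    """Split a request head into {"request-line": ..., lowercase header name: value}."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    fields = {"request-line": lines[0].strip()}
    for line in lines[1:]:
        if not line.strip():
            break  # the blank line ends the header block
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip()
    return fields


class ByteMarkovModel:
    """First-order byte Markov chain; score() is the geometric-mean per-byte probability,
    a value in (0, 1] like the HMM outputs of the slides (higher = more like training)."""
    def __init__(self):
        self.counts, self.totals = defaultdict(lambda: defaultdict(int)), defaultdict(int)

    def train(self, text):
        prev = -1  # start symbol
        for b in text.encode("latin-1", "replace"):
            self.counts[prev][b] += 1
            self.totals[prev] += 1
            prev = b

    def score(self, text):
        data = text.encode("latin-1", "replace")
        logp, prev = 0.0, -1
        for b in data:
            num = self.counts.get(prev, {}).get(b, 0) + SMOOTHING_K
            den = self.totals.get(prev, 0) + 256 * SMOOTHING_K
            logp += math.log2(num / den)
            prev = b
        return 2.0 ** (logp / len(data)) if data else 0.0


class PayloadAnomalyDetector:
    """One model per field; the vector of model scores feeds the one-class Gaussian."""
    def __init__(self):
        self.models = {f: ByteMarkovModel() for f in FIELDS}
        self.mu, self.sigma = {}, {}

    def fit(self, requests):
        parsed = [parse_request(r) for r in requests]  # legitimate traffic only
        for req in parsed:
            for f in FIELDS:
                if f in req:
                    self.models[f].train(req[f])
        for f in FIELDS:  # score the training set, then fit mean and sigma per feature
            scores = [self.models[f].score(req[f]) if f in req else None for req in parsed]
            present = [s for s in scores if s is not None]
            fill = sum(present) / len(present) if present else 0.0
            filled = [fill if s is None else s for s in scores]  # training rule: average
            self.mu[f] = sum(filled) / len(filled)
            var = sum((s - self.mu[f]) ** 2 for s in filled) / len(filled)
            self.sigma[f] = max(math.sqrt(var), SIGMA_FLOOR)
        return self

    def features(self, raw):
        req = parse_request(raw)  # test-time rule: an absent field scores -1
        return {f: self.models[f].score(req[f]) if f in req else MISSING_AT_TEST
                for f in FIELDS}

    def anomaly_score(self, raw):
        x = self.features(raw)  # RMS z-score = diagonal Mahalanobis distance / sqrt(d)
        z2 = [((x[f] - self.mu[f]) / self.sigma[f]) ** 2 for f in FIELDS]
        return math.sqrt(sum(z2) / len(z2))

    def is_anomalous(self, raw):
        return self.anomaly_score(raw) > THRESHOLD


def make_request(path, accept, user_agent, encoding=None):
    """Constructed legitimate request head in the style of the slides' example."""
    return (f"GET {path} HTTP/1.1\r\nHost: prag.diee.unica.it\r\nAccept: {accept}\r\n"
            f"User-Agent: {user_agent}\r\n" + (f"Accept-Encoding: {encoding}\r\n" if encoding else "") + "\r\n")


TRAINING_REQUESTS = [  # constructed; two requests lack Accept-Encoding
    make_request("/pra/ita/home.php", "text/*, text/html", "Mozilla/4.0"),
    make_request("/pra/ita/pubs.php", "text/html,application/xhtml+xml", "Mozilla/5.0 (X11; Linux)", "gzip, deflate"),
    make_request("/pra/eng/home.php", "text/*", "Mozilla/5.0 (Windows NT 6.1)", "gzip"),
    make_request("/pra/eng/people.php", "text/html", "Mozilla/4.0 (compatible; MSIE 8.0)", "gzip, deflate"),
    make_request("/pra/img/logo.png", "image/png,image/*", "Mozilla/5.0 (X11; Linux)"),
]
LEGIT_TEST = make_request("/pra/eng/pubs.php", "text/html", "Mozilla/5.0 (X11; Linux)", "gzip, deflate")
# The two attacks shown in the slides; the padding length of the first is an assumption.
ATTACK_LONG_REQUEST = "HEAD / " + "a" * 4096 + "\r\n\r\n"
ATTACK_URL_DECODING = "GET /d/winnt/sys32/cmd.exe?/c+dir HTTP/1.0\r\nHost: www\r\nConnection: close\r\n\r\n"
```

`PayloadAnomalyDetector().fit(TRAINING_REQUESTS)` keeps the held-out legitimate request below the threshold and flags both attacks: the long request because no trained byte transition explains the run of `a` bytes and every header is absent, the `cmd.exe` request because its request line and `Host: www` are far from the trained models and the remaining headers are absent. One consequence of the slides' rule is worth keeping in mind when deploying it: a header that is legitimately optional (Accept-Encoding here) is mean-filled during training but scores -1 at test time, so any request that omits it is pushed toward the anomalous region; dropping Accept-Encoding from `LEGIT_TEST` is enough to make this example flag it.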
Experimental Setup - 1
•  2 datasets of real legitimate traffic
   –  DIEE, collected at the University of Cagliari
   –  GT, collected at Georgia Tech
Experimental Setup - 2
•  3 datasets of real attacks
   –  Generic, 66 attacks
   –  Shell-code, 11 attacks
   –  XSS-SQL Injection, 38 attacks
•  Training: 1 day of legitimate traffic
•  Test: the remaining legitimate traffic plus the attacks
   –  K-fold cross-validation
Experimental Setup - 3
•  4 one-class classification algorithms, with default parameter settings
   –  Gauss - Gaussian density
   –  MoG - Mixture of Gaussians
   –  Parzen - Parzen density estimator
   –  SVM - one-class SVM with RBF kernel
•  Performance evaluated using the partial AUC
   –  Computed over the false-positive-rate range [0, 0.1]
   –  Normalized by dividing by 0.1, so that a perfect detector scores 1
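The partial AUC of the slide above, worked on constructed scores as an added example that is not part of the original presentation. Anomaly scores are assumed to be higher for more suspicious requests; the ROC construction, the trapezoidal integration clipped at the false-positive bound and the sample score lists are this example's own.

```python
"""Added example: the normalised partial AUC used in the slides, i.e. the area under
the ROC curve for false-positive rates in [0, fmax] divided by fmax. ROC construction
and the sample anomaly scores are constructed here."""


def roc_points(legit_scores, attack_scores):
    """ROC curve as (fpr, tpr) points; the threshold sweeps down from above the
    highest score, so tied scores enter together. Higher score = more suspicious."""
    n_neg, n_pos = len(legit_scores), len(attack_scores)
    points = [(0.0, 0.0)]
    for t in sorted(set(legit_scores) | set(attack_scores), reverse=True):
        fp = sum(1 for s in legit_scores if s >= t)
        tp = sum(1 for s in attack_scores if s >= t)
        points.append((fp / n_neg, tp / n_pos))
    return points


def partial_auc(points, fmax=0.1):
    """Trapezoidal area under the ROC for fpr in [0, fmax], divided by fmax so that a
    perfect detector scores 1. The segment crossing fmax is clipped by interpolation."""
    area = 0.0
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        if x0 >= fmax:
            break
        if x1 > fmax:
            y1 = y0 + (y1 - y0) * (fmax - x0) / (x1 - x0)
            x1 = fmax
        area += (x1 - x0) * (y0 + y1) / 2.0
    return area / fmax


def evaluate(legit_scores, attack_scores, fmax=0.1):
    """Normalised partial AUC of a detector from its scores on a labelled test set."""
    return partial_auc(roc_points(legit_scores, attack_scores), fmax)


# Constructed anomaly scores: ten legitimate requests and three attacks.
LEGIT = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
ATTACKS_PERFECT = [11, 12, 13]      # every attack outscores every legitimate request
ATTACKS_ONE_MISSED = [9.5, 11, 12]  # one attack hides below the top legitimate score

if __name__ == "__main__":
    print("perfect detector, pAUC@0.1:", evaluate(LEGIT, ATTACKS_PERFECT))
    print("one attack missed, pAUC@0.1:", evaluate(LEGIT, ATTACKS_ONE_MISSED))
    print("one attack missed, full AUC:", evaluate(LEGIT, ATTACKS_ONE_MISSED, fmax=1.0))
```

The second sample shows why the slides restrict the measure to the low false-positive range: one attack scored below a single legitimate request costs a third of the partial AUC (2/3 instead of 1) but almost nothing of the full AUC (29/30), because the full AUC is dominated by operating points with false-positive rates no web-server operator would accept.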
Experimental Results
Partial AUC - DIEE dataset (figure)
Multiple HMM - DIEE dataset - shellcode attacks (figure)
Partial AUC - GT dataset (figure)
Comparison with similar IDS (figure)

Computational Cost (figure)
Conclusions
•  We proposed an anomaly-based IDS for the protection of web servers and web applications
•  We exploited the Multiple Classifier System (MCS) paradigm
   –  To analyze the structure of the HTTP payload
   –  By combining the outputs of the per-line HMM ensembles through a one-class classifier
•  Compared to similar systems, our proposal
   –  Provides high performance in attack detection
   –  Is fast
Thank You!
          

How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 

Ariu - Workshop on Multiple Classifier Systems - 2011

1. University of Cagliari, Department of Electric and Electronic Engineering
A modular architecture for the analysis of HTTP payloads based on Multiple Classifiers
Davide Ariu (davide.ariu@diee.unica.it), Giorgio Giacinto (giacinto@diee.unica.it)
Napoli, 17 June 2011
Pattern Recognition and Applications Group, http://prag.diee.unica.it
This research was sponsored by the Autonomous Region of Sardinia through a grant financed with the "Sardinia PO FSE 2007-2013" funds and provided according to the L.R. 7/2007

2. Outline
• Motivations
• The proposed system
• Experimental Setup and Results
• Conclusions

3. The objective
Design of an anomaly based Intrusion Detection System for the protection of Web Servers and Applications. The HTTP traffic toward the web servers is inspected by a multiple classifier system.

4. Why Web Applications?

5. Why Anomaly Detection?

6. A legitimate Payload...
GET /pra/ita/home.php HTTP/1.1
Host: prag.diee.unica.it
Accept: text/*, text/html
User-Agent: Mozilla/4.0

7. A legitimate Payload... (highlighting the Request Line)
GET /pra/ita/home.php HTTP/1.1
Host: prag.diee.unica.it
Accept: text/*, text/html
User-Agent: Mozilla/4.0

8. A legitimate Payload... (highlighting the Request Line and the Request Headers)
GET /pra/ita/home.php HTTP/1.1
Host: prag.diee.unica.it
Accept: text/*, text/html
User-Agent: Mozilla/4.0

9. ...and some attacks
• Long Request Buffer Overflow
HEAD / aaaaaaa…aaaaaaaaaaaa
• URL Decoding Error
GET /d/winnt/sys32/cmd.exe?/c+dir HTTP/1.0
Host: www
Connection: close

10. Why Payload Analysis?
• Detection of Web-based attacks based on the
  – Analysis of the Request-Line
    • Allows detecting only attacks that exploit input-validation flaws, e.g. Spectrogram ([Song,2009]), HMM-Web ([Corona,2009])
  – HTTP Payload Analysis
    • Takes into account the whole HTTP request, and thus it can (in principle) detect any kind of attack

11. SOA - Payload Analysis
• Payl [Wang,2004]
  – n-grams to represent byte statistics
• McPAD [Perdisci,2009]
  – Ensemble of one-class SVM trained on ν-grams
• Spectrogram [Wang,2009]
  – Ensemble of Markov Chains to analyze the request-Line
• HMMPayl [Ariu,2011]
  – Ensemble of HMM to analyze sequences of bytes from the whole payload
None of the above techniques represented the structure of the payload

12. The proposed system - Basic Idea
• We propose to take into account the structure of HTTP payloads
  – For each line of the payload, an ensemble of HMM is used to model the sequences of bytes.
  – The final decision is obtained by using the HMM outputs as features. The payload is thus classified by a one-class classifier trained on the outputs of the HMM ensembles.

13. The proposed system - A scheme
[Figure: the HTTP payload (GET /pra/index.php HTTP/1.1, Host: prag.diee.unica.it, User-Agent: Mozilla/5.0, Accept-Encoding: gzip, deflate) is split into its lines; a separate HMM ensemble scores the Request-Line, Host, User-Agent, Accept-Encoding and Accept-Language lines (example scores 0.62, 0.53, 0.34, 0.49, and -1 for the Accept-Language header, which is absent from the request); a One-Class Classifier combines the scores into the IDS output, a score or a class label.]

14. Missing Features
• Each request typically does not contain all the headers
  – Training phase: the value of the feature related to a missing header has been set to the average value
  – Testing phase: the value of the feature related to a missing header has been set to -1
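The per-line modelling of slides 12-14, as an added Python example that is not the authors' code: each line type (request line and every header) gets its own model, the per-line scores form the feature vector, and a missing header takes the training mean during training and -1 at test time. A smoothed byte-bigram log-likelihood is assumed in place of the deck's HMM ensembles, and the training requests are constructed in the style of slide 6.

```python
# Added example (not the authors' code): per-line feature extraction as on
# slides 12-14.  The deck scores each payload line with an HMM ensemble; a
# smoothed byte-bigram log-likelihood stands in for it here (assumption).
# Missing headers follow slide 14: training -> mean score, testing -> -1.
import math
from collections import Counter, defaultdict
MISSING_AT_TEST = -1.0

def split_payload(payload):
    # Map 'Request-Line' and each header name to the text its model scores
    lines = [ln for ln in payload.split("\r\n") if ln]
    parts = {"Request-Line": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        parts[name.strip()] = value.strip()
    return parts

class BigramModel:
    # Stand-in for one HMM ensemble: mean log P(byte | previous byte)
    def __init__(self):
        self.pairs, self.firsts = Counter(), Counter()
    def train(self, text):
        data = text.encode()
        for a, b in zip(data, data[1:]):
            self.pairs[(a, b)] += 1
            self.firsts[a] += 1
    def score(self, text):
        data = text.encode()
        if len(data) < 2:
            return 0.0
        logp = sum(math.log((self.pairs[(a, b)] + 1) / (self.firsts[a] + 256))
                   for a, b in zip(data, data[1:]))  # Laplace smoothing
        return logp / (len(data) - 1)

def train(payloads):
    # One model per line type, plus each line type's mean score on training data
    models, seen = defaultdict(BigramModel), defaultdict(list)
    for p in payloads:
        for name, text in split_payload(p).items():
            models[name].train(text)
            seen[name].append(text)
    means = {n: sum(models[n].score(t) for t in seen[n]) / len(seen[n]) for n in models}
    return dict(models), means
def features(payload, models, means, training):
    # Feature vector, one score per line type (sorted by name); slide 14 rule
    parts = split_payload(payload)
    return [models[n].score(parts[n]) if n in parts
            else (means[n] if training else MISSING_AT_TEST)
            for n in sorted(models)]

LEGIT = [  # constructed requests in the style of slide 6 (not the DIEE/GT data)
    "GET /pra/ita/home.php HTTP/1.1\r\nHost: prag.diee.unica.it\r\nUser-Agent: Mozilla/4.0\r\n",
    "GET /pra/index.php HTTP/1.1\r\nHost: prag.diee.unica.it\r\nAccept-Encoding: gzip, deflate\r\n",
]
MODELS, MEANS = train(LEGIT)
```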
15. Experimental Setup - 1
• 2 Datasets of Real legitimate traffic
  – DIEE, collected at the University of Cagliari
  – GT, collected at Georgia Tech

16. Experimental Setup - 2
• 3 Datasets of Real Attacks
  – Generic, 66 Attacks
  – Shell-code, 11 Attacks
  – XSS-SQL Injection, 38 Attacks
• Training: 1 day of traffic
• Test: the remaining traffic plus attacks
  – K-fold CV

17. Experimental Setup - 3
• 4 One-class classification algorithms with default setting of parameters
  – Gauss – Gaussian distribution
  – Mog – Mixture of Gaussians
  – Parzen – Parzen density estimator
  – SVM – SVM with RBF Kernel
• Performance evaluated using the Partial AUC
  – Computed in the FP range [0,0.1]
  – Normalized dividing by 0.1
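The partial-AUC metric of slide 17, as an added example that is not the authors' evaluation code: the trapezoidal ROC area over the false-positive range [0, 0.1], divided by 0.1, so a perfect detector scores 1 and a random one 0.05. The anomaly scores are constructed, with larger meaning more anomalous.

```python
# Added example: partial AUC as defined on slide 17, i.e. ROC area over the
# false-positive range [0, 0.1] normalised by dividing by 0.1.  Not the
# authors' evaluation code.  Scores: larger = more anomalous.

def roc_points(legit, attack):
    # One ROC point per distinct threshold, swept from strictest to loosest;
    # a request is flagged when its score is >= the threshold.
    pts = [(0.0, 0.0)]
    for t in sorted(set(legit) | set(attack), reverse=True):
        fpr = sum(s >= t for s in legit) / len(legit)
        tpr = sum(s >= t for s in attack) / len(attack)
        pts.append((fpr, tpr))
    return pts


def partial_auc(legit, attack, fp_max=0.1):
    # Trapezoidal area under the ROC curve for FPR in [0, fp_max], cut by
    # linear interpolation at fp_max, then normalised so the maximum is 1.
    pts = roc_points(legit, attack)
    area = 0.0
    for (x0, y0), (x1, y1) in zip(pts, pts[1:]):
        if x0 >= fp_max:
            break
        if x1 > fp_max:  # segment crosses the cut-off: interpolate
            y1 = y0 + (y1 - y0) * (fp_max - x0) / (x1 - x0)
            x1 = fp_max
        area += (x1 - x0) * (y0 + y1) / 2
    return area / fp_max


# Constructed anomaly scores (not the DIEE/GT results): 20 legitimate
# requests and 10 attacks; two legitimate requests score above most attacks.
LEGIT_SCORES = [0.95, 0.6] + [0.1] * 18
ATTACK_SCORES = [0.9] * 5 + [0.7] * 3 + [0.3] * 2

if __name__ == "__main__":
    print("normalised partial AUC:", partial_auc(LEGIT_SCORES, ATTACK_SCORES))
```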
18. Experimental Results - Partial AUC, DIEE Dataset

19. Experimental Results - Multiple HMM, DIEE Dataset, Shellcode Attacks

20. Experimental Results - Partial AUC, GT Dataset

21. Experimental Results - Comparison with similar IDS

22. Computational Cost

23. Conclusions
• We proposed an anomaly based IDS for the protection of Web-Servers and Web-Applications
• We exploited the MCS paradigm
  – To analyze the structure of the HTTP payload
  – By combining the outputs through a One-class classifier
• Compared to similar systems, our proposal
  – Provides high performance in attack detection
  – Is fast