Intrusion Detection Systems
Lecture #6
Application-Specific and Database
Intrusion Detection
Introduction
• Existing work on intrusion detection has mainly
focused on network intrusion and host-based attacks
• The earliest proposals for intrusion detection were
based on the use of audit data from the host being
monitored
• Audit data is provided by the operating system or
other applications running in the host
• Host-based intrusion detection (HIDS) is performed
at the operating system level by comparing expected
and observed system resource usage
12/6/2017 Hitesh Mohapatra Ph.D 2
Introduction
• Network intrusion detection systems (NIDSs) observe the
network traffic that goes to and from the systems being
monitored
• NIDSs are positioned at various points in a network to detect
any attack on the hosts of that network
• To capture most of the data passing through the network, we
need to position the IDS at the entry and exit point of the
network to the outside world
• Some more IDSs may also be placed in the internal network,
depending on the level of security needed
• This approach has the advantage that even a single,
properly placed NIDS can monitor a number of hosts
Limitations of HIDSs
• The information sources for HIDSs reside on the host
that is targeted by attackers. So, the IDS itself may be
attacked and thereby disabled during the attack
• In addition, HIDSs require resources of the host to
operate and are harder to manage as information must
be configured and managed for every host individually
• An HIDS can only be trusted up to the point at which the
system/host is compromised:
– A secure logging mechanism is necessary to prevent logs from
being erased if the attacker compromises the machine
– An attacker obtaining super user privilege on the host can
disable the HIDS
– HIDS may become ineffective during DoS attacks
Limitations of NIDSs
• Cannot see attacks arriving over a path that does not
traverse the network segment being monitored
• Cannot observe actions that occur inside a host (miss
local attacks)
• Use of encryption mechanisms during transmission
makes NIDSs ineffective because they cannot examine
the contents of encrypted communications
Database IDS (DIDS)
• Organizations use Database Management Systems
(DBMS) as the main data management technology for
storing and accessing information
• Ability to access information and carry out on-line
transactions from anywhere using the Internet and web-
based applications increases the chances of attacks on
database systems
• It is found that 75% of the attacks on the Web occur at
the application level
• Concern regarding the security of databases has thus
become more crucial in all information infrastructures
Database IDS (DIDS)
• Traditional database security mechanisms provide security
features such as authentication, authorization, access control,
data encryption and auditing
• Despite the use of such prevention-based security
mechanisms for enforcing organizational security, they are not
sufficient for protection of data against syntactically correct
but semantically damaging transactions
• Moreover, in databases, some of the attributes are more
sensitive to malicious modifications as compared to others
• The development of an effective DIDS is essential for
protecting sensitive and confidential (proprietary) information
stored in DBMSs
Application-Specific IDS (AppIDS)
• AppIDS detect intrusions more accurately in the context of
the application by considering the semantics (domain
knowledge) of the application and various application-
specific rules
• This type of IDS uses a large number of domain-related
attributes for profile building, which makes the profile
difficult to guess for outside intruders as well
as for insiders
• Intrusion detection is required at the application level
for facilitating accurate detection of frauds in specific
domains like credit card payment system, mobile
communication networks, medical/automobile
insurance, etc.
Requirements of Application-Specific
(AppIDS) and Database IDS (DIDS)
• At the level of database, a file has an inherent structure
which is subdivided into tables, rows and columns
• HIDSs and NIDSs cannot detect changes to the structure
or rows of the tables
– For example, if data is stored in a file, then the OS level IDS can
only determine whether or not the file as a whole has changed.
It cannot identify any malicious updates/deletes made to
attributes/records of the file
• A DIDS/AppIDS can identify database-level changes easily
and is thus able to detect more critical attacks such as
those carried out by internal intruders
Database IDS (DIDS)
• The attributes corresponding to a single transaction are
known as intra-transactional (e.g. query type, accessed table
name(s), accessed attribute name(s), transaction location and
transaction time, etc.)
• Attributes related to multiple transactions are called
inter-transactional (e.g. which types of queries are invoked after
which types of queries, which tables/attributes are accessed
after which tables/attributes, time gap between successive
transactions by the same user, etc.)
• An IDS which detects intrusion based only on
intra-transactional features cannot identify the attacks in which
the individual transactions are quite similar to normal
transactions
• When an attacker requests multiple transactions, it is possible
to identify inter-transactional deviation
CASE STUDY OF AN APPIDS: CREDIT
CARD FRAUD DETECTION SYSTEM
Credit Card Fraud Detection System
• Specific application of Intrusion Detection System
• Fraudulent transactions on credit cards are a common
problem especially with respect to online
transactions
• Thieves obtain card numbers by shoulder surfing,
packet intercepting, database stealing, etc.
• The problem is expected to multiply manyfold in
the future
Types of Credit Card Purchases
• Credit card purchases can be done in two ways:
– Physical card purchases: Cardholder presents his card
physically to a merchant for making a payment
– Virtual card purchases: Only some important
information about a card (card number, name on card,
expiration date, secure code, etc.) needs to be
entered to make the payment, which is done on
the Internet or over the phone
Types of Credit Card Fraud
• According to the type of purchase, credit card frauds can
be categorized into two types:
1) Physical Card Fraud:
– To carry out fraudulent transactions in this kind of purchase, an attacker
has to steal or clone the credit card
– If the cardholder does not realize the loss of card, it can lead to a
substantial financial loss to the credit card company
2) Virtual Card Fraud:
– To commit fraud in these types of purchases, a fraudster needs to
know the card details
– The genuine cardholder may not be aware that someone else has seen or
stolen his card information
– The only way to detect this kind of fraud is to analyze the spending
patterns on every card and to figure out any inconsistency with respect
to the “normal” spending patterns (profile)
Credit Card Fraud Detection
• Credit card fraud detection is a specific application of
intrusion detection in databases
• Credit card fraud is increasing rapidly resulting in loss
of billions of dollars every year
• Effective technologies are required to detect fraud in
order to maintain the viability of the payment system
• Usually, every cardholder has a certain shopping
behavior which establishes an activity/normal profile
for him/her
Credit Card Fraud Detection
• As a result of personal needs or seasonal needs, patterns
of legitimate behavior may change over time
• Systems that cannot “evolve” or “learn” soon become
outdated, resulting in a large number of false alarms
• The fraudster can also attempt new types of attacks so as
to bypass the Credit Card Fraud Detection System
(CCFDS)
• Thus, there is a need for developing a CCFDS which can:
– Combine multiple evidences including patterns of genuine
cardholders as well as fraudsters
– Adapt to the change of spending patterns of cardholders
Challenges in Credit Card Fraud
Detection
• Orders could be shipped to a different address than the
billing address (normally while gifting to someone)
• Orders could be shipped to a single address but made on
multiple cards
• The genuine transactions could be interspersed with the
fraudulent transactions
• The number of fraudulent transactions is quite small
compared to the volume of genuine transactions (class
imbalance problem)
• The company incurs a finite cost in the event of check
back (manual confirmation with actual cardholder)
• The customer may not be always contactable
Limitations of Existing CCFDS
• Existing approaches on CCFD are either anomaly or
misuse-based systems
• Anomaly-based FDSs raise a large number of false alarms
and misuse-based FDSs cannot detect new fraud patterns:
– Deviation in access behavior of genuine cardholders due to
special requirements raises false alarms (Anomaly CCFDS)
– New fraud types that the detection system is not aware of
mostly go undetected (Misuse CCFDS)
• Objective: A hybrid CCFD model that integrates the
advantages of both anomaly and misuse-based systems so
as to achieve high detection rate along with minimized
false alarms
Case Study: Credit Card Fraud Detection
• Suvasini Panigrahi, Amlan Kundu, Shamik Sural and
A. K. Majumdar, “Credit Card Fraud Detection: A
Fusion Approach using Dempster-Shafer Theory
and Bayesian Learning”, Information Fusion
(Special Issue on Information Fusion in Computer
Security), Elsevier, Vol. 10, No. 4, Pages 354-363,
2009
Case Study: Credit Card Fraud Detection
• The basic idea of our approach is that:
– Fraudsters are usually not completely familiar with the
cardholder’s normal spending profile
– Their aim is to gain maximum profit in a limited amount of
time before they get caught
• Transactions carried out by a fraudster usually show
some deviation in terms of transaction amount as
well as time gap between successive transactions
(carrying out high value transactions frequently),
which needs to be captured by our CCFDS
Proposed CCFD System
• We have proposed a two-stage CCFDS that combines
evidences from:
– Cardholder’s current activity patterns (First Stage)
– Cardholder’s past transaction profile as well as the
history of fraudulent activities available to the card
issuing bank (Second Stage)
• The evidences are combined using the Dempster-Shafer
theory and an initial belief (P(h)) is computed
• An incoming transaction is classified as genuine,
fraudulent or suspicious depending on the value of P(h)
Proposed CCFD System
• Two preset threshold values, lower threshold (θ_LT) and
upper threshold (θ_UT), determined experimentally, are
used for taking a decision about an incoming transaction
• If a transaction is determined to be genuine or
fraudulent, it is not processed further
• If a transaction is found to be suspicious, the initial belief
is updated using Bayesian learning based on additional
evidence obtained from transaction history databases
• Proposed CCFDS integrates anomaly detection and
misuse detection techniques to improve the accuracy of
the system
Proposed CCFD System
• To meet the required functionality, the
proposed CCFDS is designed with the
following four components:
– Rule-based Filter (RBF)
– Dempster-Shafer Adder (D-S Adder)
– Transaction History Database (THD)
– Bayesian Learner (BL)
Rule-Based Filter
• Generic and customer-specific rules are used to
monitor behavioral patterns of a cardholder
• Each Rule Ri measures intrusiveness of a
transaction by assigning basic probabilities mi(h)
• The current model uses two rule-based techniques
at this component:
– Address Mismatch
– Outlier Detection
Rule-Based Filter
1) Address Mismatch (R1):
• Orders could be shipped to a different address (shipping
address) than the billing address
• A transaction that clears this check can be classified as
genuine with very high probability
• The transactions that violate this check are labeled as
suspect
2) Outlier Detection (R2):
• A fraudster is likely to deviate from the customer’s profile;
his transactions can thus be detected as outliers
• We have used DBSCAN (Density Based Spatial Clustering of
Applications with Noise) [3] algorithm to filter out outliers
• Any transaction detected as an outlier gives evidence that it
could be fraudulent
Rule-Based Filter
• In the current work, we have used “transaction amount”
as an attribute for detecting outliers
• The rule-based filter is essential since it separates out
most of the genuine transactions so that the FDS does not
have to unnecessarily investigate millions of regular
legitimate transactions
• This component is kept flexible so that new rules can
always be added according to existing trends, further
enriching its functionality
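An illustration of the outlier rule R2, added here and not taken from the slides or the cited paper: a small 1-D DBSCAN over "transaction amount" in which a new amount labelled as noise is treated as an outlier. The cardholder history, `EPS` and `MIN_PTS` are constructed values chosen for the example.

```python
"""1-D DBSCAN over transaction amounts; noise points are treated as outliers."""

NOISE = -1


def dbscan_1d(values, eps, min_pts):
    """Label each value with a cluster id (0, 1, ...) or NOISE.

    eps     : largest difference between two amounts that still makes them neighbours
    min_pts : neighbours (the point itself included) needed to be a core point
    """
    n = len(values)
    labels = [None] * n  # None means "not visited yet"

    def neighbours(i):
        return [j for j in range(n) if abs(values[i] - values[j]) <= eps]

    cluster = -1
    for i in range(n):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_pts:
            labels[i] = NOISE  # may still become a border point later
            continue
        cluster += 1
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == NOISE:
                labels[j] = cluster  # border point reached from a core point
                continue
            if labels[j] is not None:
                continue
            labels[j] = cluster
            reach = neighbours(j)
            if len(reach) >= min_pts:  # j is itself a core point: keep expanding
                queue.extend(reach)
    return labels


def is_outlier(history, amount, eps, min_pts):
    """Cluster the cardholder's past amounts together with the new amount and
    report whether the new amount ends up as noise."""
    labels = dbscan_1d(list(history) + [amount], eps, min_pts)
    return labels[-1] == NOISE


# Constructed spending history with two habits: small purchases and a
# recurring bill of roughly 150.
HISTORY = [20, 22, 25, 19, 23, 21, 24, 150, 155, 148, 152, 22, 20]
EPS, MIN_PTS = 10, 4  # assumed parameters

if __name__ == "__main__":
    for amount in (23, 151, 85, 900):
        verdict = "outlier" if is_outlier(HISTORY, amount, EPS, MIN_PTS) else "fits profile"
        print(f"amount {amount:>4}: {verdict}")
```

The amount 85 lies between the two spending clusters and is still flagged, which a single mean-and-deviation test over the whole history would not do.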
D-S Adder
• The role of the D-S adder is to combine evidences from
the rules R1 and R2 at the RBF in order to compute the
initial belief P(h) for each transaction
• The D-S adder uses the Dempster-Shafer theory (D-S
theory) of evidence to combine information
• The D-S theory assumes a Universe of Discourse U, also
called Frame of Discernment, which is a set of mutually
exclusive and exhaustive possibilities
D-S Adder
• For every incoming transaction, the rules R1 and R2 share their
independent observations about the behavior of the
transaction
• The observations are combined to form a decision about the
transaction’s genuineness
• Two basic probability assignments m1(h) and m2(h) are
combined into a third basic probability assignment m(h) by
the Dempster’s rule for combination as follows:
$$P(h) = m(h) = m_1(h) \oplus m_2(h) = \frac{\sum_{x \cap y = h} m_1(x) \cdot m_2(y)}{1 - \sum_{x \cap y = \emptyset} m_1(x) \cdot m_2(y)}$$
D-S Adder
• For the credit card fraud detection problem, U consists of two
possible values for any suspected transaction:
U = {fraud, ¬fraud}
• For this U, the power set has three possible elements:
$h$ = {fraud}: Transaction is fraudulent (Fraud)
$\bar{h}$ = {¬fraud}: Transaction is not fraudulent (Genuine)
$(h, \bar{h})$: Transaction is either fraudulent or genuine (Suspicious)
First Stage Decision Making
Decision making occurs in two stages in the proposed
system
First level inferences are made based on the initial belief
• If initial belief < lower threshold (θ_LT), transaction is
genuine
• If initial belief > upper threshold (θ_UT), transaction is
fraudulent
• If lower threshold ≤ initial belief ≤ upper threshold,
transaction is suspicious
Transaction History Databases (THD)
For tracking suspicious transactions, two transaction
history databases are built:
• Good Transaction History (GTH) – from customer’s past
behavior (customer specific)
• Fraud Transaction History (FTH) – from different types of
past fraudulent data (generic)
Past spending behavior is observed in terms of
frequency of transactions in a specific time gap
Transaction History Databases
• Transaction gap is divided into four mutually exclusive and
exhaustive events - D1, D2, D3 and D4
• Occurrence of each event (transaction) depends on the time
since last purchase (transaction gap ρ) on any particular card
Transaction History Databases
• Conditional probabilities (evidence) and are
determined from the transaction history databases FTH and
GTH respectively:
• We have created two look-up tables FFT (Fraud Frequency
Table) and GFT (Good Frequency Table) to maintain the values
of the conditional probabilities
Bayesian Learning
• The general idea of belief revision is that, whenever new
information becomes available, it may require updating of
prior beliefs
• The prior/initial belief P(h) can be updated by using Bayes’
Rule after getting the new information Di from the THD
• Posterior belief (P(h|Di)) of a suspicious transaction is
computed using Bayesian learning based on evidence from
THD
Bayesian Learning
• The goal of Bayesian learning is to find the most probable
hypothesis hmap given the training data (Maximum A Posteriori
Hypothesis)
• Depending on which of the posterior values is greater, the
future actions are decided by the FDS
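The D-S adder, the first-stage thresholds and the Bayesian update described above, worked through in one added example (not code from the slides or the cited paper). The basic probability assignments, the thresholds `THETA_LT` / `THETA_UT` and the `FFT` / `GFT` look-up values are constructed for illustration; the gap event is passed in by label because its definition is not given here.

```python
"""Dempster-Shafer combination, threshold decision and Bayesian belief update."""
from itertools import product

FRAUD = frozenset({"fraud"})        # h
GENUINE = frozenset({"not_fraud"})  # not h
EITHER = FRAUD | GENUINE            # whole frame U: "suspicious"

THETA_LT, THETA_UT = 0.3, 0.8       # assumed thresholds

# Constructed look-up tables: P(Di | h) from FTH, P(Di | not h) from GTH.
FFT = {"D1": 0.60, "D2": 0.25, "D3": 0.10, "D4": 0.05}
GFT = {"D1": 0.10, "D2": 0.20, "D3": 0.30, "D4": 0.40}


def combine(m1, m2):
    """Dempster's rule: mass of x-and-y goes to their intersection; mass that
    falls on the empty set (conflict) is removed by renormalising."""
    combined, conflict = {}, 0.0
    for (x, mx), (y, my) in product(m1.items(), m2.items()):
        common = x & y
        if common:
            combined[common] = combined.get(common, 0.0) + mx * my
        else:
            conflict += mx * my
    if 1.0 - conflict < 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {h: mass / (1.0 - conflict) for h, mass in combined.items()}


def first_stage(p_h):
    """Classify on the initial belief P(h) using the two thresholds."""
    if p_h < THETA_LT:
        return "genuine"
    if p_h > THETA_UT:
        return "fraudulent"
    return "suspicious"


def posterior_fraud(p_h, gap_event):
    """Bayes' rule: P(h | Di) from the prior P(h) and the two look-up tables."""
    like_fraud, like_good = FFT[gap_event], GFT[gap_event]
    evidence = like_fraud * p_h + like_good * (1.0 - p_h)
    return like_fraud * p_h / evidence


def evaluate(m_r1, m_r2, gap_event):
    """Run one transaction through D-S adder, first stage and, if needed, Bayes."""
    p_h = combine(m_r1, m_r2).get(FRAUD, 0.0)
    stage1 = first_stage(p_h)
    result = {"p_h": p_h, "stage1": stage1, "posterior_fraud": None, "map": None}
    if stage1 == "suspicious":  # only suspicious transactions are processed further
        post = posterior_fraud(p_h, gap_event)
        result["posterior_fraud"] = post
        result["map"] = "fraud" if post > 1.0 - post else "genuine"
    return result


# Constructed BPAs for a transaction that fails the address check (R1)
# and is an amount outlier (R2).
M_R1 = {FRAUD: 0.4, GENUINE: 0.1, EITHER: 0.5}
M_R2 = {FRAUD: 0.6, GENUINE: 0.1, EITHER: 0.3}
# Constructed BPAs for a transaction that passes both rules.
M_R1_OK = {GENUINE: 0.7, EITHER: 0.3}
M_R2_OK = {GENUINE: 0.6, EITHER: 0.4}

if __name__ == "__main__":
    print(evaluate(M_R1, M_R2, "D1"))
    print(evaluate(M_R1_OK, M_R2_OK, "D1"))
```

With these inputs the conflict mass is 0.10, so the combined fraud belief is 0.66 / 0.90, which falls between the thresholds and sends the transaction to the Bayesian learner.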
Second Stage Decision Making
• Suspicion score (ψ) of a transaction is updated by
combining its posterior belief and initial belief
• For the first suspicious transaction on a card, the
suspicion score is the same as its initial belief
• The final decision about the transaction is made
according to its suspicion score
[Figure: Flow of Events in the Proposed CCFD System. Labelled blocks: Incoming Transaction T on card Ck; Rule-Based Filter (BPA_R1, BPA_R2); D-S Adder (P(h)); Initial Belief Analysis (θ_LT, θ_UT; outcomes Genuine/Fraudulent or Suspicious); suspect table (Ck, P(Ck)); Event E occurs; Transaction History Database with GTH (user specific) / GFT and FTH (generic) / FFT; Bayesian Learner; D-S Adder; Suspicion Score Analysis (θ_LT, θ_UT; outcome Genuine/Fraudulent).]
Mobile Telecommunication Fraud
Detection
• An extension of the proposed approach was developed with new
features such as “transaction type” for fraud detection in
mobile communication networks by considering the
domain-related issues and also including the various
application-specific changes [4]
– Suvasini Panigrahi, Amlan Kundu, Shamik Sural and A. K. Majumdar,
“Use of Dempster-Shafer Theory and Bayesian Inferencing for Fraud
Detection in Mobile Communication Networks”, Lecture Notes in
Computer Science (LNCS-4586), Springer Verlag, Australasian
Conference on Information Security and Privacy (ACISP), Townsville,
Queensland, Australia, Pages 446-460, 2007
Database Intrusion Detection
• Generalization of the proposed approach for intrusion
detection in databases by applying an extension of
Dempster-Shafer theory and Bayesian inferencing
• Sensitivity of attributes is also taken into consideration
for tracking against malicious modifications
– Published in
• IEEE Symposium on Computational Intelligence in Cyber
Security (CICS 2009) [5]
• Information Systems Frontiers (Special Issue on Security
Management and Technologies for Protecting Against
Internal Data Leakages), Springer, 2010 [6]
References
1. A. C. Murray, “The Threat From Within”, Network Computing, URL –
http://www.networkcomputing.com/data-protection/the-threat-from-within/229616352,
August 2005
2. Suvasini Panigrahi, Amlan Kundu, Shamik Sural and A. K. Majumdar,
“Credit Card Fraud Detection: A Fusion Approach using Dempster-
Shafer Theory and Bayesian Learning”, Information Fusion (Special
Issue on Information Fusion in Computer Security), Elsevier, Vol. 10,
No. 4, Pages 354-363, 2009
3. M. Ester, H. P. Kriegel, J. Sander and X. Xu, “A Density-Based Algorithm
for Discovering Clusters in Large Spatial Databases with Noise”, In
Proceedings of the 2nd International Conference on Knowledge
Discovery and Data Mining (KDD), Pages 226-231, 1996
4. Suvasini Panigrahi, Amlan Kundu, Shamik Sural and A. K. Majumdar,
“Use of Dempster-Shafer Theory and Bayesian Inferencing for Fraud
Detection in Mobile Communication Networks”, Lecture Notes in
Computer Science (LNCS-4586), Springer Verlag, Australasian
Conference on Information Security and Privacy (ACISP), Townsville,
Queensland, Australia, Pages 446-460, 2007
5. Suvasini Panigrahi, Shamik Sural and A. K. Majumdar, “Detection of
Intrusive Activity in Databases by Combining Multiple Evidences and
Belief Update”, IEEE Symposium on Computational Intelligence in Cyber
Security (CICS 2009), Nashville, Tennessee, USA, Pages 83-90, 2009
6. Suvasini Panigrahi, Shamik Sural and A. K. Majumdar, “Two-Stage
Database Intrusion Detection by Combining Multiple Evidence and
Belief Update”, Information Systems Frontiers (Special Issue on Security
Management and Technologies for Protecting Against Internal Data
Leakages), Springer, DOI: 10.1007/s10796-010-9252-2, Pages 1-19,
Online First 11th August 2010
Banks and cybersecurity v2
 
Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systems
 
information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...information security (Audit mechanism, intrusion detection, password manageme...
information security (Audit mechanism, intrusion detection, password manageme...
 
Cloud-Based Big Data Analytics
Cloud-Based Big Data AnalyticsCloud-Based Big Data Analytics
Cloud-Based Big Data Analytics
 

More from Hitesh Mohapatra

Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
Virtualization: A Key to Efficient Cloud Computing
Virtualization: A Key to Efficient Cloud ComputingVirtualization: A Key to Efficient Cloud Computing
Virtualization: A Key to Efficient Cloud Computing
Hitesh Mohapatra
 
Automating the Cloud: A Deep Dive into Virtual Machine Provisioning
Automating the Cloud: A Deep Dive into Virtual Machine ProvisioningAutomating the Cloud: A Deep Dive into Virtual Machine Provisioning
Automating the Cloud: A Deep Dive into Virtual Machine Provisioning
Hitesh Mohapatra
 
Harnessing the Power of Google Cloud Platform: Strategies and Applications
Harnessing the Power of Google Cloud Platform: Strategies and ApplicationsHarnessing the Power of Google Cloud Platform: Strategies and Applications
Harnessing the Power of Google Cloud Platform: Strategies and Applications
Hitesh Mohapatra
 
Scheduling in Cloud Computing
Scheduling in Cloud ComputingScheduling in Cloud Computing
Scheduling in Cloud Computing
Hitesh Mohapatra
 
Cloud-Case study
Cloud-Case study Cloud-Case study
Cloud-Case study
Hitesh Mohapatra
 
RAID
RAIDRAID
Load balancing in cloud computing.pptx
Load balancing in cloud computing.pptxLoad balancing in cloud computing.pptx
Load balancing in cloud computing.pptx
Hitesh Mohapatra
 
Cluster Computing
Cluster ComputingCluster Computing
Cluster Computing
Hitesh Mohapatra
 
ITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment modelITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment model
Hitesh Mohapatra
 
Leetcode Problem Solution
Leetcode Problem SolutionLeetcode Problem Solution
Leetcode Problem Solution
Hitesh Mohapatra
 
Leetcode Problem Solution
Leetcode Problem SolutionLeetcode Problem Solution
Leetcode Problem Solution
Hitesh Mohapatra
 
Trie Data Structure
Trie Data Structure Trie Data Structure
Trie Data Structure
Hitesh Mohapatra
 
Reviewing basic concepts of relational database
Reviewing basic concepts of relational databaseReviewing basic concepts of relational database
Reviewing basic concepts of relational database
Hitesh Mohapatra
 
Reviewing SQL Concepts
Reviewing SQL ConceptsReviewing SQL Concepts
Reviewing SQL Concepts
Hitesh Mohapatra
 
Advanced database protocols
Advanced database protocolsAdvanced database protocols
Advanced database protocols
Hitesh Mohapatra
 
Measures of query cost
Measures of query costMeasures of query cost
Measures of query cost
Hitesh Mohapatra
 
Involvement of WSN in Smart Cities
Involvement of WSN in Smart CitiesInvolvement of WSN in Smart Cities
Involvement of WSN in Smart Cities
Hitesh Mohapatra
 
Data Structure and its Fundamentals
Data Structure and its FundamentalsData Structure and its Fundamentals
Data Structure and its Fundamentals
Hitesh Mohapatra
 
WORKING WITH FILE AND PIPELINE PARAMETER BINDING
WORKING WITH FILE AND PIPELINE PARAMETER BINDINGWORKING WITH FILE AND PIPELINE PARAMETER BINDING
WORKING WITH FILE AND PIPELINE PARAMETER BINDING
Hitesh Mohapatra
 

More from Hitesh Mohapatra (20)

Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
Virtualization: A Key to Efficient Cloud Computing
Virtualization: A Key to Efficient Cloud ComputingVirtualization: A Key to Efficient Cloud Computing
Virtualization: A Key to Efficient Cloud Computing
 
Automating the Cloud: A Deep Dive into Virtual Machine Provisioning
Automating the Cloud: A Deep Dive into Virtual Machine ProvisioningAutomating the Cloud: A Deep Dive into Virtual Machine Provisioning
Automating the Cloud: A Deep Dive into Virtual Machine Provisioning
 
Harnessing the Power of Google Cloud Platform: Strategies and Applications
Harnessing the Power of Google Cloud Platform: Strategies and ApplicationsHarnessing the Power of Google Cloud Platform: Strategies and Applications
Harnessing the Power of Google Cloud Platform: Strategies and Applications
 
Scheduling in Cloud Computing
Scheduling in Cloud ComputingScheduling in Cloud Computing
Scheduling in Cloud Computing
 
Cloud-Case study
Cloud-Case study Cloud-Case study
Cloud-Case study
 
RAID
RAIDRAID
RAID
 
Load balancing in cloud computing.pptx
Load balancing in cloud computing.pptxLoad balancing in cloud computing.pptx
Load balancing in cloud computing.pptx
 
Cluster Computing
Cluster ComputingCluster Computing
Cluster Computing
 
ITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment modelITU-T requirement for cloud and cloud deployment model
ITU-T requirement for cloud and cloud deployment model
 
Leetcode Problem Solution
Leetcode Problem SolutionLeetcode Problem Solution
Leetcode Problem Solution
 
Leetcode Problem Solution
Leetcode Problem SolutionLeetcode Problem Solution
Leetcode Problem Solution
 
Trie Data Structure
Trie Data Structure Trie Data Structure
Trie Data Structure
 
Reviewing basic concepts of relational database
Reviewing basic concepts of relational databaseReviewing basic concepts of relational database
Reviewing basic concepts of relational database
 
Reviewing SQL Concepts
Reviewing SQL ConceptsReviewing SQL Concepts
Reviewing SQL Concepts
 
Advanced database protocols
Advanced database protocolsAdvanced database protocols
Advanced database protocols
 
Measures of query cost
Measures of query costMeasures of query cost
Measures of query cost
 
Involvement of WSN in Smart Cities
Involvement of WSN in Smart CitiesInvolvement of WSN in Smart Cities
Involvement of WSN in Smart Cities
 
Data Structure and its Fundamentals
Data Structure and its FundamentalsData Structure and its Fundamentals
Data Structure and its Fundamentals
 
WORKING WITH FILE AND PIPELINE PARAMETER BINDING
WORKING WITH FILE AND PIPELINE PARAMETER BINDINGWORKING WITH FILE AND PIPELINE PARAMETER BINDING
WORKING WITH FILE AND PIPELINE PARAMETER BINDING
 

Recently uploaded

spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
Madan Karki
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
IJECEIAES
 
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENTNATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
Addu25809
 
BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
LAXMAREDDY22
 
Casting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdfCasting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdf
zubairahmad848137
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
ecqow
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
abbyasa1014
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
gerogepatton
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
insn4465
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Christina Lin
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
Madan Karki
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
Roger Rozario
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by AnantLLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
Anant Corporation
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
Las Vegas Warehouse
 
Understanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
SUTEJAS
 
Hematology Analyzer Machine - Complete Blood Count
Hematology Analyzer Machine - Complete Blood CountHematology Analyzer Machine - Complete Blood Count
Hematology Analyzer Machine - Complete Blood Count
shahdabdulbaset
 
Material for memory and display system h
Material for memory and display system hMaterial for memory and display system h
Material for memory and display system h
gowrishankartb2005
 
john krisinger-the science and history of the alcoholic beverage.pptx
john krisinger-the science and history of the alcoholic beverage.pptxjohn krisinger-the science and history of the alcoholic beverage.pptx
john krisinger-the science and history of the alcoholic beverage.pptx
Madan Karki
 

Recently uploaded (20)

spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
 
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENTNATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
 
BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
 
Casting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdfCasting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdf
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样
 
Embedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoringEmbedded machine learning-based road conditions and driving behavior monitoring
Embedded machine learning-based road conditions and driving behavior monitoring
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by AnantLLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
 
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have oneISPM 15 Heat Treated Wood Stamps and why your shipping must have one
ISPM 15 Heat Treated Wood Stamps and why your shipping must have one
 
Understanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
 
Hematology Analyzer Machine - Complete Blood Count
Hematology Analyzer Machine - Complete Blood CountHematology Analyzer Machine - Complete Blood Count
Hematology Analyzer Machine - Complete Blood Count
 
Material for memory and display system h
Material for memory and display system hMaterial for memory and display system h
Material for memory and display system h
 
john krisinger-the science and history of the alcoholic beverage.pptx
john krisinger-the science and history of the alcoholic beverage.pptxjohn krisinger-the science and history of the alcoholic beverage.pptx
john krisinger-the science and history of the alcoholic beverage.pptx
 

DIDS and AppIDS

  • 1. Intrusion Detection Systems Lecture #6 Application-Specific and Database Intrusion Detection
  • 2. Introduction
    • Existing work on intrusion detection has mainly focused on network intrusion and host-based attacks
    • The earliest proposals for intrusion detection were based on the use of audit data from the host being monitored
    • Audit data is provided by the operating system or other applications running on the host
    • Host-based intrusion detection (HIDS) is performed at the operating system level by comparing expected and observed system resource usage
  • 3. Introduction
    • Network intrusion detection systems (NIDSs) observe the network traffic that goes to and from the systems being monitored
    • NIDSs are positioned at various points in a network to detect any attack on the hosts of that network
    • To capture most of the data passing through the network, we need to position the IDS at the entry and exit points of the network to the outside world
    • Some more IDSs may also be placed in the internal network, depending on the level of security needed
    • This approach has the advantage that even a single, properly placed NIDS can monitor a number of hosts
  • 4. Limitations of HIDSs
    • The information sources for HIDSs reside on the host that is targeted by attackers, so the IDS itself may be attacked and thereby disabled during the attack
    • In addition, HIDSs require resources of the host to operate and are harder to manage, as information must be configured and managed for every host individually
    • An HIDS can be trusted only as long as the system/host has not been compromised:
      – A secure logging mechanism is necessary to prevent logs from being erased if the attacker compromises the machine
      – An attacker obtaining superuser privilege on the host can disable the HIDS
      – An HIDS may become ineffective during DoS attacks
  • 5. Limitations of NIDSs
    • Cannot see attacks arriving over a path that does not traverse the network segment being monitored
    • Cannot observe actions that occur inside a host (miss local attacks)
    • Use of encryption mechanisms during transmission makes NIDSs ineffective because they cannot examine the contents of encrypted communications
  • 6. Database IDS (DIDS)
    • Organizations use Database Management Systems (DBMS) as the main data management technology for storing and accessing information
    • The ability to access information and carry out online transactions from anywhere using the Internet and web-based applications increases the chances of attacks on database systems
    • It is found that 75% of the attacks on the Web occur at the application level
    • Concern regarding the security of databases has thus become more crucial in all information infrastructures
  • 7. Database IDS (DIDS)
    • Traditional database security mechanisms provide security features such as authentication, authorization, access control, data encryption and auditing
    • Such prevention-based security mechanisms, although used to enforce organizational security, are not sufficient to protect data against syntactically correct but semantically damaging transactions
    • Moreover, in databases, some attributes are more sensitive to malicious modification than others
    • The development of an effective DIDS is essential for protecting sensitive and confidential (proprietary) information stored in DBMSs
  • 8. Application-Specific IDS (AppIDS)
    • An AppIDS detects intrusions more accurately in the context of the application by considering the semantics (domain knowledge) of the application and various application-specific rules
    • This type of IDS uses a large number of domain-related attributes for profile building, which makes the profile difficult to guess for outside intruders as well as insiders
    • Intrusion detection is required at the application level to facilitate accurate detection of fraud in specific domains such as credit card payment systems, mobile communication networks, medical/automobile insurance, etc.
  • 9. Requirements of Application-Specific (AppIDS) and Database IDS (DIDS)
    • At the database level, a file has an inherent structure which is subdivided into tables, rows and columns
    • HIDSs and NIDSs cannot detect changes to the structure or rows of the tables
      – For example, if data is stored in a file, then the OS-level IDS can only determine whether or not the file as a whole has changed. It cannot identify any malicious updates/deletes made to attributes/records of the file
    • A DIDS/AppIDS can identify database-level changes easily and is thus able to detect more critical attacks, such as those carried out by internal intruders
  • 10. Database IDS (DIDS)
    • The attributes corresponding to a single transaction are known as intra-transactional (e.g. query type, accessed table name(s), accessed attribute name(s), transaction location and transaction time, etc.)
    • Attributes related to multiple transactions are called inter-transactional (e.g. which types of queries are invoked after which types of queries, which tables/attributes are accessed after which tables/attributes, time gap between successive transactions by the same user, etc.)
    • An IDS that detects intrusions based only on intra-transactional features cannot identify attacks in which the individual transactions are quite similar to normal transactions
    • When an attacker requests multiple transactions, it is possible to identify inter-transactional deviation
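The difference between intra- and inter-transactional checks described in slide 10, as an added example that is not part of the original lecture. The audit-record layout, the user name and the two inter-transactional features chosen (operation-to-operation transitions and minimum time gap) are assumptions made for illustration; all records are constructed.

```python
from collections import defaultdict

# Constructed audit records: (user, query_type, table, unix_time)
TRAINING = [
    ("alice", "SELECT", "accounts", 1000),
    ("alice", "SELECT", "orders",   1060),
    ("alice", "UPDATE", "orders",   1130),
    ("alice", "SELECT", "accounts", 5000),
    ("alice", "SELECT", "orders",   5050),
    ("alice", "UPDATE", "orders",   5140),
    ("alice", "UPDATE", "accounts", 9000),
]

# Constructed session: every statement is one alice has issued before,
# but the order and pace are unlike anything in her history.
SESSION = [
    ("alice", "UPDATE", "accounts", 20000),
    ("alice", "UPDATE", "accounts", 20002),
    ("alice", "UPDATE", "accounts", 20004),
]


def build_profile(records):
    """Learn per-user intra- and inter-transactional features."""
    intra = defaultdict(set)        # user -> {(query_type, table)}
    transitions = defaultdict(set)  # user -> {(previous_op, op)}
    min_gap = {}                    # user -> smallest gap seen, in seconds
    last = {}
    for user, qtype, table, ts in sorted(records, key=lambda r: r[3]):
        op = (qtype, table)
        intra[user].add(op)
        if user in last:
            prev_op, prev_ts = last[user]
            transitions[user].add((prev_op, op))
            gap = ts - prev_ts
            min_gap[user] = min(gap, min_gap.get(user, gap))
        last[user] = (op, ts)
    return intra, transitions, min_gap


def check(records, profile):
    """Return (intra_alerts, inter_alerts) for a batch of new records."""
    intra, transitions, min_gap = profile
    intra_alerts, inter_alerts = [], []
    last = {}
    for user, qtype, table, ts in sorted(records, key=lambda r: r[3]):
        op = (qtype, table)
        # Intra-transactional: is this single transaction unusual by itself?
        if op not in intra.get(user, set()):
            intra_alerts.append((ts, "unseen operation", op))
        # Inter-transactional: is it unusual given the previous transaction?
        if user in last:
            prev_op, prev_ts = last[user]
            if (prev_op, op) not in transitions.get(user, set()):
                inter_alerts.append((ts, "unseen transition", (prev_op, op)))
            if user in min_gap and ts - prev_ts < min_gap[user]:
                inter_alerts.append((ts, "gap below profile minimum", ts - prev_ts))
        last[user] = (op, ts)
    return intra_alerts, inter_alerts


if __name__ == "__main__":
    intra_alerts, inter_alerts = check(SESSION, build_profile(TRAINING))
    print("intra-transactional alerts:", intra_alerts)
    print("inter-transactional alerts:", inter_alerts)
```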
  • 11. CASE STUDY OF AN APPIDS: CREDIT CARD FRAUD DETECTION SYSTEM
  • 12. Credit Card Fraud Detection System
    • A specific application of an intrusion detection system
    • Fraudulent transactions on credit cards are a common problem, especially for online transactions
    • Thieves obtain card numbers by shoulder surfing, packet interception, database theft, etc.
    • The problem is expected to multiply manyfold in the future
  • 13. Types of Credit Card Purchases
    • Credit card purchases can be made in two ways:
      – Physical card purchases: the cardholder presents his card physically to a merchant to make a payment
      – Virtual card purchases: only some important information about a card (card number, name on card, expiration date, secure code, etc.) needs to be entered to make the payment, which is done on the Internet or over the phone
  • 14. Types of Credit Card Fraud
    • According to the type of purchase, credit card fraud can be categorized into two types:
    1) Physical Card Fraud:
      – To carry out fraudulent transactions in this kind of purchase, an attacker has to steal or clone the credit card
      – If the cardholder does not realize the loss of the card, it can lead to a substantial financial loss to the credit card company
    2) Virtual Card Fraud:
      – To commit fraud in these types of purchases, a fraudster needs to know the card details
      – The genuine cardholder may not be aware that someone else has seen or stolen his card information
      – The only way to detect this kind of fraud is to analyze the spending patterns on every card and to figure out any inconsistency with respect to the “normal” spending patterns (profile)
  • 15. Credit Card Fraud Detection
    • Credit card fraud detection is a specific application of intrusion detection in databases
    • Credit card fraud is increasing rapidly, resulting in the loss of billions of dollars every year
    • Effective technologies are required to detect fraud in order to maintain the viability of the payment system
    • Usually, every cardholder has a certain shopping behavior which establishes an activity/normal profile for him/her
  • 16. Credit Card Fraud Detection
    • As a result of personal or seasonal needs, patterns of legitimate behavior may change over time
    • Systems that cannot “evolve” or “learn” soon become outdated, resulting in a large number of false alarms
    • The fraudster can also attempt new types of attacks so as to bypass the Credit Card Fraud Detection System (CCFDS)
    • Thus, there is a need for developing a CCFDS which can:
      – Combine multiple pieces of evidence, including patterns of genuine cardholders as well as fraudsters
      – Adapt to changes in the spending patterns of cardholders
  • 17. Challenges in Credit Card Fraud Detection
    • Orders could be shipped to a different address than the billing address (normally when sending a gift to someone)
    • Orders could be shipped to a single address but made on multiple cards
    • The genuine transactions could be interspersed with the fraudulent transactions
    • The number of fraudulent transactions is very small compared to the volume of genuine transactions (class imbalance problem)
    • The company incurs a finite cost in the event of a check back (manual confirmation with the actual cardholder)
    • The customer may not always be contactable
  • 18. Limitations of Existing CCFDS
    • Existing approaches to CCFD are either anomaly-based or misuse-based systems
    • Anomaly-based FDSs raise a large number of false alarms and misuse-based FDSs cannot detect new fraud patterns:
      – Deviations in the access behavior of genuine cardholders due to special requirements raise false alarms (Anomaly CCFDS)
      – New fraud types that the detection system is not aware of mostly go undetected (Misuse CCFDS)
    • Objective: a hybrid CCFD model that integrates the advantages of both anomaly-based and misuse-based systems so as to achieve a high detection rate along with minimized false alarms
  • 19. Case Study: Credit Card Fraud Detection
    • Suvasini Panigrahi, Amlan Kundu, Shamik Sural and A. K. Majumdar, “Credit Card Fraud Detection: A Fusion Approach using Dempster-Shafer Theory and Bayesian Learning”, Information Fusion (Special Issue on Information Fusion in Computer Security), Elsevier, Vol. 10, No. 4, Pages 354-363, 2009
  • 20. Case Study: Credit Card Fraud Detection
    • The basic idea of our approach is that:
      – Fraudsters are usually not completely familiar with the cardholder’s normal spending profile
      – Their aim is to gain maximum profit in a limited amount of time before they get caught
    • Transactions carried out by a fraudster usually show some deviation in terms of transaction amount as well as the time gap between successive transactions (carrying out high-value transactions frequently), which needs to be captured by our CCFDS
  • 21. Proposed CCFD System
    • We have proposed a two-stage CCFDS that combines evidence from:
      – The cardholder’s current activity patterns (First Stage)
      – The cardholder’s past transaction profile as well as the history of fraudulent activities available to the card-issuing bank (Second Stage)
    • The evidence is combined using the Dempster-Shafer theory and an initial belief ($P(h)$) is computed
    • An incoming transaction is classified as genuine, fraudulent or suspicious depending on the value of $P(h)$
  • 22. Proposed CCFD System
    • Two preset threshold values, a lower threshold ($\theta_{LT}$) and an upper threshold ($\theta_{UT}$), determined experimentally, are used to decide on an incoming transaction
    • If a transaction is determined to be genuine or fraudulent, it is not processed further
    • If a transaction is found to be suspicious, the initial belief is updated using Bayesian learning based on additional evidence obtained from transaction history databases
    • The proposed CCFDS integrates anomaly detection and misuse detection techniques to improve the accuracy of the system
  • 23. Proposed CCFD System
    • To meet the required functionality, the proposed CCFDS is designed with the following four components:
      – Rule-based Filter (RBF)
      – Dempster-Shafer Adder (D-S Adder)
      – Transaction History Database (THD)
      – Bayesian Learner (BL)
  • 24. Rule-Based Filter
    • Generic and customer-specific rules are used to monitor the behavioral patterns of a cardholder
    • Each rule $R_i$ measures the intrusiveness of a transaction by assigning basic probabilities $m_i(h)$
    • The current model uses two rule-based techniques at this component:
      – Address Mismatch
      – Outlier Detection
  • 25. Rule-Based Filter
    1) Address Mismatch ($R_1$):
    • Orders could be shipped to a different address (shipping address) than the billing address
    • A transaction that clears this check can be classified as genuine with very high probability
    • The transactions that violate this check are labeled as suspect
    2) Outlier Detection ($R_2$):
    • A fraudster is likely to deviate from the customer’s profile, so his transactions can be detected as outliers
    • We have used the DBSCAN (Density Based Spatial Clustering of Applications with Noise) [3] algorithm to filter out outliers
    • Any transaction detected as an outlier gives evidence that it could be fraudulent
  • 26. Rule-Based Filter
    • In the current work, we have used “transaction amount” as the attribute for detecting outliers
    • The rule-based filter is essential since it separates out most of the genuine transactions, so that the FDS does not have to unnecessarily investigate millions of regular legitimate transactions
    • This component is kept flexible so that new rules can always be added according to existing trends, further enriching its functionality
  • 27. D-S Adder
    • The role of the D-S adder is to combine evidence from the rules $R_1$ and $R_2$ at the RBF in order to compute the initial belief $P(h)$ for each transaction
    • The D-S adder uses the Dempster-Shafer theory (D-S theory) of evidence to combine information
    • The D-S theory assumes a Universe of Discourse U, also called the Frame of Discernment, which is a set of mutually exclusive and exhaustive possibilities
  • 28. D-S Adder • For every incoming transaction, the rules R1 and R2 share their independent observations about the behavior of the transaction • The observations are combined to form a decision about the transaction’s genuineness • Two basic probability assignments m1(h) and m2(h) are combined into a third basic probability assignment m(h) by Dempster’s rule for combination as follows: $$P(h) = m(h) = m_1(h) \oplus m_2(h) = \frac{\sum_{x \cap y = h} m_1(x) \cdot m_2(y)}{1 - \sum_{x \cap y = \emptyset} m_1(x) \cdot m_2(y)}$$
  • 29. D-S Adder • For the credit card fraud detection problem, U consists of two possible values for any suspected transaction: U = {fraud, ¬fraud} • For this U, the power set has three possible elements: – $h$ = {fraud}: Transaction is fraudulent (Fraud) – $\bar{h}$ = {¬fraud}: Transaction is not fraudulent (Genuine) – $(h, \bar{h})$: Transaction is either fraudulent or genuine (Suspicious)
  • 30. First Stage Decision Making • Decision making occurs in two stages in the proposed system • First level inferences are made based on the initial belief: – If initial belief < lower threshold (θLT), the transaction is genuine – If initial belief > upper threshold (θUT), the transaction is fraudulent – If lower threshold ≤ initial belief ≤ upper threshold, the transaction is suspicious
  • 31. Transaction History Databases (THD) For tracking suspicious transactions, two transaction history databases are built: • Good Transaction History (GTH) – from customer’s past behavior (customer specific) • Fraud Transaction History (FTH) – from different types of past fraudulent data (generic) Past spending behavior is observed in terms of frequency of transactions in a specific time gap
  • 32. Transaction History Databases • Transaction gap is divided into four mutually exclusive and exhaustive events - D1, D2, D3 and D4 • Occurrence of each event (transaction) depends on the time since last purchase (transaction gap ρ) on any particular card
  • 33. Transaction History Databases • Conditional probabilities (evidence) and are determined from the transaction history databases FTH and GTH respectively: • We have created two look-up tables FFT (Fraud Frequency Table) and GFT (Good Frequency Table) to maintain the values of the conditional probabilities
  • 34. Bayesian Learning • The general idea of belief revision is that, whenever new information becomes available, it may require updating of prior beliefs • The prior/initial belief P(h) can be updated by using Bayes’ Rule after getting the new information Di from the THD • Posterior belief P(h|Di) of a suspicious transaction is computed using Bayesian learning based on evidence from THD
  • 35. Bayesian Learning • The goal of Bayesian learning is to find the most probable hypothesis $h_{MAP}$ given the training data (Maximum A Posteriori Hypothesis) • Depending on which of the posterior values is greater, the future actions are decided by the FDS
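The D-S adder, the first-stage thresholds and the Bayesian update described on the slides above, worked through in Python as an added example (not code from the lecture or the cited paper). The basic probability assignments, threshold values and look-up probabilities are constructed, and the update assumes P(¬h) = 1 − P(h).

```python
from itertools import product

FRAUD = frozenset({"fraud"})          # h
GENUINE = frozenset({"not_fraud"})    # not h
EITHER = FRAUD | GENUINE              # whole frame U: "suspicious"

def combine(m1, m2):
    """Dempster's rule: sum m1(x)*m2(y) over x∩y=h, renormalised by 1 - conflict."""
    fused, conflict = {}, 0.0
    for (x, px), (y, py) in product(m1.items(), m2.items()):
        both = x & y
        if both:
            fused[both] = fused.get(both, 0.0) + px * py
        else:
            conflict += px * py       # mass that would land on the empty set
    if conflict >= 1.0:
        raise ValueError("total conflict between the rules; nothing to combine")
    return {h: p / (1.0 - conflict) for h, p in fused.items()}

def first_stage(belief, lower, upper):
    """Classify on the initial belief P(h) using the two thresholds."""
    if belief < lower:
        return "genuine"
    if belief > upper:
        return "fraudulent"
    return "suspicious"

def posterior(prior, p_d_fraud, p_d_genuine):
    """Bayes' rule for P(h | Di); assumes P(not h) = 1 - P(h)."""
    num = p_d_fraud * prior
    return num / (num + p_d_genuine * (1.0 - prior))

def assess(m1, m2, lower, upper, p_d_fraud, p_d_genuine):
    """Return (initial belief, first-stage label, posterior or None)."""
    initial = combine(m1, m2).get(FRAUD, 0.0)
    label = first_stage(initial, lower, upper)
    post = posterior(initial, p_d_fraud, p_d_genuine) if label == "suspicious" else None
    return initial, label, post

# Constructed inputs: R1 finds matching addresses, R2 flags the amount as an outlier.
m_r1 = {GENUINE: 0.6, EITHER: 0.4}
m_r2 = {FRAUD: 0.7, EITHER: 0.3}
result = assess(m_r1, m_r2, lower=0.3, upper=0.7, p_d_fraud=0.6, p_d_genuine=0.2)
print(result)
```

The two rules disagree here, so 0.42 of the mass is conflict and is normalised away; the transaction lands in the suspicious band and only then is the history-based update applied.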
  • 36. Second Stage Decision Making • The suspicion score (ψ) of a transaction is updated by combining its posterior belief and initial belief • For the first suspicious transaction on a card, the suspicion score is the same as its initial belief • The final decision about the transaction is made according to its suspicion score
  • 37. [Figure: Flow of Events in the Proposed CCFD System. Blocks shown: Rule-Based Filter, D-S Adder (Initial Belief Analysis), Transaction History Database with GTH (user specific)/GFT and FTH (generic)/FFT, Bayesian Learner, D-S Adder (Suspicion Score Analysis), suspect table]
  • 38. Mobile Telecommunication Fraud Detection • An extension of the proposed approach was developed with new features such as “transaction type” for fraud detection in mobile communication networks by considering the domain-related issues and also including the various application-specific changes [4] – Suvasini Panigrahi, Amlan Kundu, Shamik Sural and A. K. Majumdar, “Use of Dempster-Shafer Theory and Bayesian Inferencing for Fraud Detection in Mobile Communication Networks”, Lecture Notes in Computer Science (LNCS-4586), Springer Verlag, Australasian Conference on Information Security and Privacy (ACISP), Townsville, Queensland, Australia, Pages 446-460, 2007
  • 39. Database Intrusion Detection • Generalization of the proposed approach for intrusion detection in databases by applying an extension of Dempster-Shafer theory and Bayesian inferencing • Sensitivity of attributes is also taken into consideration for tracking against malicious modifications – Published in • IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2009) [5] • Information Systems Frontiers (Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages), Springer, 2010 [6]
  • 40. References 1. A. C. Murray, “The Threat From Within”, Network Computing, URL – http://www.networkcomputing.com/data-protection/the-threat-from-within/229616352, August 2005 2. Suvasini Panigrahi, Amlan Kundu, Shamik Sural and A. K. Majumdar, “Credit Card Fraud Detection: A Fusion Approach using Dempster-Shafer Theory and Bayesian Learning”, Information Fusion (Special Issue on Information Fusion in Computer Security), Elsevier, Vol. 10, No. 4, Pages 354-363, 2009 3. M. Ester, H. P. Kriegel, J. Sander and X. Xu, “A Density-Based Algorithm for Discovering Clusters in Large Spatial Databases with Noise”, In Proceedings of the 2nd International Conference on Knowledge Discovery and Data Mining (KDD), Pages 226-231, 1996
  • 41. References 4. Suvasini Panigrahi, Amlan Kundu, Shamik Sural and A. K. Majumdar, “Use of Dempster-Shafer Theory and Bayesian Inferencing for Fraud Detection in Mobile Communication Networks”, Lecture Notes in Computer Science (LNCS-4586), Springer Verlag, Australasian Conference on Information Security and Privacy (ACISP), Townsville, Queensland, Australia, Pages 446-460, 2007 5. Suvasini Panigrahi, Shamik Sural and A. K. Majumdar, “Detection of Intrusive Activity in Databases by Combining Multiple Evidences and Belief Update”, IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2009), Nashville, Tennessee, USA, Pages 83-90, 2009 6. Suvasini Panigrahi, Shamik Sural and A. K. Majumdar, “Two-Stage Database Intrusion Detection by Combining Multiple Evidence and Belief Update”, Information Systems Frontiers (Special Issue on Security Management and Technologies for Protecting Against Internal Data Leakages), Springer, DOI: 10.1007/s10796-010-9252-2, Pages 1-19, Online First 11th August 2010