With the growth of computer networking, electronic commerce and web services, security networking systems have become very important to protect infomation and networks againts malicious usage or attacks. In this report, it is designed an Intrusion Detection System using two artificial neural networks: one for Intrusion Detection and the another for Attack Classification.
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : September 2019
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
The internet and different computing devices from desktop computers to smartphones have raised many security and privacy concerns, and the need to automate systems that detect attacks on these networks has emerged in order to be able to protect these networks with scale. And while traditional intrusion detection methods may be able to detect previously known attacks, the issue of dealing with new unknown attacks arises and that brings machine learning as a strong candidate to solve these challenges.
In this report, we investigate the use of machine learning in detecting network attacks, intrusion detection, by looking at work that has been done in this field. Particularly we look at the work that has been done by Pasocal et al.
Cyber Security.
Watch my videos on snack here: --> --> http://sck.io/x-B1f0Iy
@ Kindly Follow my Instagram Page to discuss about your mental health problems-
-----> https://instagram.com/mentality_streak?utm_medium=copy_link
@ Appreciate my work:
-----> behance.net/burhanahmed1
Thank-you !
This deck is from Interpol Conference 2017, these slides shows the holistic view of machine learning in cyber security for better organization readiness
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : September 2019
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
The internet and different computing devices from desktop computers to smartphones have raised many security and privacy concerns, and the need to automate systems that detect attacks on these networks has emerged in order to be able to protect these networks with scale. And while traditional intrusion detection methods may be able to detect previously known attacks, the issue of dealing with new unknown attacks arises and that brings machine learning as a strong candidate to solve these challenges.
In this report, we investigate the use of machine learning in detecting network attacks, intrusion detection, by looking at work that has been done in this field. Particularly we look at the work that has been done by Pasocal et al.
Cyber Security.
Watch my videos on snack here: --> --> http://sck.io/x-B1f0Iy
@ Kindly Follow my Instagram Page to discuss about your mental health problems-
-----> https://instagram.com/mentality_streak?utm_medium=copy_link
@ Appreciate my work:
-----> behance.net/burhanahmed1
Thank-you !
This deck is from Interpol Conference 2017, these slides shows the holistic view of machine learning in cyber security for better organization readiness
Seminar Report | Network Intrusion Detection using Supervised Machine Learnin...Jowin John Chemban
Seminar Report : Network Intrusion Detection using Supervised Machine Learning Technique with Feature Selection
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : November 2019
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
This ppt explain you various type of possible attack, security property, Traffic Analysis, Security mechanism Intrusion detection system, vulnerability, Attack framework etc.
With the increasingly connected world revolving around the revolution of internet and new technologies like mobiles, smartphones, and tablets, and with the wide usage of wireless technologies, the information security risks have increased. Both individuals and organizations are under regular attacks for commercial or non-commercial gains. The objectives of such attacks may be to take revenge, malign the reputation of a competitor organization, understand the strategies and sensitive information about the competitor, simply have fun of exploiting the vulnerabilities. Hence, the need to protect information assets and ensure information security receives adequate attention.
In this session, I will discuss how AI and Machine Learning can be applied in detecting, predicting and preventing cyber security/information security vulnerabilities and what are the benefits of using Machine Learning and AI. We also touch upon some of the tools available to perform the same.
For Reference watch my YouTube Video - https://youtu.be/NqvNFwa0hQc
Hey Everyone!
This is my complete talk in a virtual conference for cybersecurity researchers that has been hosted by Bsides Maharashtra and thanks to them that they provided me an opportunity to share my thoughts and knowledge with passionate and budding cybersecurity researchers, Hackers, Bug Hunters, and geeks. My talk is all about the detailed explanation of AI in Cyber Security and this should be listened to by every Cyber Sec Person who wants to learn about How AI Can Help In Cyber Security. I have explained the most and every basic to advance information. So do give it a look and understand the concepts and share as much as you can. Thank you Bsides Maharashtra for inviting me. I am happy and excited to be a part of your event.
If you want to invite me for a webinar or conference connect
mail: hello@priyanshuratnakar.com or priyanshuratnakar@protonmail.com
vent details
Date - 25th to 27th November 2020
CTF
Workshop
Speaker session
website - https://bsidesmaharashtra.com/
Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides approved event for Delhi, India. We’re a volunteer organized event (we have no paid staff), and we truly strive to keep information accessible for everyone.
The idea behind the Security BSides Delhi is to organize an Information Security gathering where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. It creates opportunities for individuals to both presents and participates in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Feel free to use the slide but give credit somewhere :)
Security and Privacy of Machine LearningPriyanka Aash
Machine learning is a powerful new tool that can be used for security applications (for example, to detect malware) but machine learning itself introduces many new attack surfaces. For example, attackers can control the output of machine learning models by manipulating their inputs or training data. In this session, I give an overview of the emerging field of machine learning security and privacy.
Learning Objectives:
1: Learn about vulnerabilities of machine learning.
2: Explore existing defense techniques (differential privacy).
3: Understand opportunities to join research effort to make new defenses.
(Source: RSA Conference USA 2018)
The Presentation answers various questions such as what is machine learning, how machine learning works, the difference between artificial intelligence, machine learning, deep learning, types of machine learning, and its applications.
A technical seminar delivered on Machine learning in cybersecurity. Machine learning is trending and desired subject this presentation demonstrates how machine learning can be used to protect IT infrastructure
Seminar Report | Network Intrusion Detection using Supervised Machine Learnin...Jowin John Chemban
Seminar Report : Network Intrusion Detection using Supervised Machine Learning Technique with Feature Selection
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : November 2019
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
This ppt explain you various type of possible attack, security property, Traffic Analysis, Security mechanism Intrusion detection system, vulnerability, Attack framework etc.
With the increasingly connected world revolving around the revolution of internet and new technologies like mobiles, smartphones, and tablets, and with the wide usage of wireless technologies, the information security risks have increased. Both individuals and organizations are under regular attacks for commercial or non-commercial gains. The objectives of such attacks may be to take revenge, malign the reputation of a competitor organization, understand the strategies and sensitive information about the competitor, simply have fun of exploiting the vulnerabilities. Hence, the need to protect information assets and ensure information security receives adequate attention.
In this session, I will discuss how AI and Machine Learning can be applied in detecting, predicting and preventing cyber security/information security vulnerabilities and what are the benefits of using Machine Learning and AI. We also touch upon some of the tools available to perform the same.
For Reference watch my YouTube Video - https://youtu.be/NqvNFwa0hQc
Hey Everyone!
This is my complete talk in a virtual conference for cybersecurity researchers that has been hosted by Bsides Maharashtra and thanks to them that they provided me an opportunity to share my thoughts and knowledge with passionate and budding cybersecurity researchers, Hackers, Bug Hunters, and geeks. My talk is all about the detailed explanation of AI in Cyber Security and this should be listened to by every Cyber Sec Person who wants to learn about How AI Can Help In Cyber Security. I have explained the most and every basic to advance information. So do give it a look and understand the concepts and share as much as you can. Thank you Bsides Maharashtra for inviting me. I am happy and excited to be a part of your event.
If you want to invite me for a webinar or conference connect
mail: hello@priyanshuratnakar.com or priyanshuratnakar@protonmail.com
vent details
Date - 25th to 27th November 2020
CTF
Workshop
Speaker session
website - https://bsidesmaharashtra.com/
Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides approved event for Delhi, India. We’re a volunteer organized event (we have no paid staff), and we truly strive to keep information accessible for everyone.
The idea behind the Security BSides Delhi is to organize an Information Security gathering where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss. It creates opportunities for individuals to both presents and participates in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Feel free to use the slide but give credit somewhere :)
Security and Privacy of Machine LearningPriyanka Aash
Machine learning is a powerful new tool that can be used for security applications (for example, to detect malware) but machine learning itself introduces many new attack surfaces. For example, attackers can control the output of machine learning models by manipulating their inputs or training data. In this session, I give an overview of the emerging field of machine learning security and privacy.
Learning Objectives:
1: Learn about vulnerabilities of machine learning.
2: Explore existing defense techniques (differential privacy).
3: Understand opportunities to join research effort to make new defenses.
(Source: RSA Conference USA 2018)
The Presentation answers various questions such as what is machine learning, how machine learning works, the difference between artificial intelligence, machine learning, deep learning, types of machine learning, and its applications.
A technical seminar delivered on Machine learning in cybersecurity. Machine learning is trending and desired subject this presentation demonstrates how machine learning can be used to protect IT infrastructure
IEEE 2014 DOTNET NETWORKING PROJECTS Network intrusion detection system using...IEEEMEMTECHSTUDENTPROJECTS
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
A review of machine learning based anomaly detectionMohamed Elfadly
Anomaly detection is an important problem that has been researched within diverse research areas and application domains. Anomaly detection refers to the problem of finding patterns in data that do not conform to expected behavior. These nonconforming patterns are often referred to as anomalies, outliers, discordant observations, exceptions, aberrations, surprises, peculiarities, or contaminants in different application domains.
A review of machine learning based anomaly detectionMohamed Elfadly
Anomaly detection is an important problem that has been researched within diverse research areas and application domains. Anomaly detection refers to the problem of finding patterns in data that do not conform to expected behavior. These nonconforming patterns are often referred to as anomalies, outliers, discordant observations, exceptions, aberrations, surprises, peculiarities, or contaminants in different application domains.
a brief introduction of cyber war and its methods, may be called "cyber warfare introduction" . i have good knowledge on this domain and i practically follow this method. in this presentation i explain the reference 50% and it will complete on my next upload. please give your feedback if any suggestions to help me. thank you.
Internet Worm Classification and Detection using Data Mining Techniquesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Palestra do evento "Cybersecurity: a nova era em resposta a incidentes e auditoria de dados"
Jim Butterworth - Senior Cybersecurity Director Guidance Software Inc.
Brasília, 04 de agosto de 2010
I will talk about innovation in the area of cyber security analytics - developing machine learning methods to detect and block cyber attacks (e.g. detecting ransomware within 4 seconds of execution and killing the underlying processes). Rather than just focusing on this as a 'black box', I'll pull it apart and talk about how we can use these methods to enable security practitioners (SOC/CIRT etc) to ask and answer questions about 'what' and 'why' these methods are flagging attacks. I'll also talk about resilience of machine learning methods to manipulation and adversarial attacks - how stable these approaches are to diversity and evolution of malware for example.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Nowadays maintaining security in the networking domain is very important and essential since the network is hacked by the unauthorized people. There are various strategies and mechanism have been applied which provide the security to some extent. Most of these security mechanisms principles are similar to encryption and firewall. Even though this mechanism provides security, but these strategies are failed to detect the intrusions in which there is a need for development of new technology and it is known as Intrusion detection system. The Intrusion detection systems are used to identify the problems like unauthorized use, misuse and abuse of computer networking systems. Outside attackers are not only the problem, the threat of authorized users misusing and abusing their privileges is an equally pressing concern. Intrusion detection systems are used to analyze the event occurrence in a system with the goal to indicate security issues. An intrusion detection system display networked units and appears for anomalous or malicious conduct within the patterns of exercise within the audit stream.This paper studied the basic concepts of intrusion detection, its need, components and challenges.
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
Similar to Intrusion Detection with Neural Networks (20)
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Essentials of Automations: Optimizing FME Workflows with Parameters
Intrusion Detection with Neural Networks
1. Intrusion Detection and Classification
Using Neural Networks
Antonio Moran, Ph.D.
amoran@ieee.org
Stockholm University, Sweden
May 17, 2013
2. Information Security in Computer Networks
Information assurance is an issue of serious global
concern.
Malicious usage, attacks and sabotage have been on
the rise.
Connecting information systems to public networks
(Internet, telephone) magnifies the potential for
intrusion and attack.
3. Intrusion in Information Systems and Networks
Any set of actions that attempt to compromise the
integrity, confidentiality or availability of a resource
Intrusion
Intrusion in Information Systems
Any anauthorized access, unauthorized attempt to
access, damage, or malicious use of information
resources
4. Motives to Launch Attacks
Force a network to stop a service(s)
Steal some information stored in a network
To show unhappiness or uneasiness
To obtain economical benefits
5. Network Attacks
liability for compromised customer data
Attacks could result in:
Liability for compromised customer data
Loss of intellectual property
Degraded quality of network service
Great business loss
………..
6. Need for and Intrusion Detection System
It is difficult (impossible) to ensure that an
information system will be free of security flaws.
Computer systems suffer from security vulnerabilities
regardless of their purpose, manufacturer or origin.
It is technically difficult as well as economically costly,
to ensure that computer systems and networks are not
susceptible to attacks
7. Intrusion Detection in Information Systems
Attempting to detect computer attacks
by examining data records observed
by processes on the same network
8. Components of an Intrusion Detection System
Information source providing a
stream of event records
Analysis engine identifying signs
of intrusion, attacks or other
policy violations
Response component generating
reactions to assure system correct
operation
Data
Analysis
Identification
Action
9. Types of Information Sources
Data from network traffic and packet
streams
Data from sources internal to a
computer. Operating system level
Data from running applicationsApplication
based
Network
based
Host
based
10. Categories of Analysis Engine
Searching for something defined to be bad.
Detect intrusions that follow a well-known
patterns of attacks.
Can not detect unknown future intrusions.
Misuse
Detection
Searching for something rare or unusual.
Analyze system event streams to find
patterns of activity appearing to be abnormal.
Computationally intensive.
Anomaly
Detection
11. Categories of Analysis Engine
Detect known attacks using pre-defined
attack patterns and signatures
Misuse
Detection
Detect attacks by observing deviations
from the normal behavior of the system
Anomaly
Detection
13. Implementation of Analysis Engine
Runs periodically detecting intrusions after
the fact.
Act in a reactive way.
Off-Line
Detect intrusions while they are happening
allowing a quick response.
Computationally expensive (continuous
monitoring).
On-Line
Real-Time
14. Dynamic Intrusion Deteccion System
Hybrid system using misuse and anomaly
detection strategies
Not allowing an intruder to train (update) the
system incorrectly
Running in real-time
Updating itself continuously over periods of
time
15. Types of Network Attacks
The attacker makes the computing or memory
resources too busy or full to handle legitimate
requests or denies legitimate users access
Remote to
User
User to
Root
Denial of
Service
Probing
(Scanning)
The attacker, starting out with access to a
normal user account, tries to gain root
(superuser) access and privilegies
The attacker gains access as a local user of
the network
The attacker scans the network to gather
information or detect vulnerabilities
16. Approaches for Anomaly Detection
Detecting abnormal activity on a server or network whose
magnitude overcome a given threshold.
Ex: Abnormal consumption of CPU or memory of one server.
Rule-based
Measures
Statistical
Measures
Threshold
Soft
Computing
Based on sets of predefined rules that are provided by a
network administrator or generated by expert systems.
Neural Networks, Fuzzy Logic, Genetic Algorithms,
Support Vector Machines.
Statistical models based on historical values. Asumptions
about the underlying statistical distribution of user behavior.
Ex: Hidden Markov Models.
17. Rule Based Intrusion Detection
liability for compromised customer data
Detecting attacks by signature matching.
A set of signatures, describing the characteristics of
possible attacks, and the corresponding rules are stored.
The rules are used to evaluate incoming packet stream
and detect hostile traffic.
Easy to implement and customize but requires human domain
experts to find signatures and their rules.
It works for known patterns of attacks
Artificial intelligence techniques
could be useful
18. Rule Based Instrusion Detection
IF CountConnection=50 THEN AttackType=’smurf’
Human network administrators usually generate
low-complexity rules:
IF Src_Byte=0 OR Src_Byte>500 THEN ‘Alert’
same host within 2 sec.
IF ip_flags = 0 AND ip_len <=256 AND tcp_csum =0 AND
ip_length > 120 AND ip_src <= 1.451703E9 AND tcp_dport <= 82
AND tcp_win <= 23 THEN Malicious.
Complex rules can be generated using AI techniques:
19. Intrusion Deteccion Systems
Intrusion Detection Systems alone will not
ensure the security of a computer network
Intrusion detection systems must be
complemented by firewalls, vulnerability
assessment, and a comprehensive security
policy
20. Intrusion Detection and Clasification
Using Neural Networks
Application of neural networks in Intrusion
Deteccion Systems date back to 1992
21. When a Computer Network is Working in
Normal / Abnormal State
It is difficult to define all the attributes that
characterize a normal or abnormal state.
Let a neural network discovers the patterns
characterizing a normal state and an abnormal
state.
22. Intrusion Detection and Clasification Using Neural
Networks
Discover underlying patterns
that describe normal user or
computer network behavior
Use the patterns
to determine:
The state of
the network
The type of user
Normal
Attacked
Authorized
Intruder
Neural Network
23. Intrusion Detection and Classification Using
Neural Networks
Hybrid System
Misuse Detection
Anomaly Detection
Runs in real-time
Network Based Packet streams
24. Intrusion Detection and Classification Using
Neural Networks
Two Neural Networks
Neural Network for detecting intrusion.
State of the network: normal or with intrusion
Neural Network for classifying intrusion.
Four types of intrusion
25. Intrusion Detection and Classification Using
Neural Networks
Two Neural Networks
Neural Network
Packet
Stream
Normal
Intrusion
Neural Network
Intrusion
Detection
Intrusion
Classification
Denial of Service
User to Root
Remote to User
Probing
26. Neural Network Design Process
Data collection
Definition of inputs and outputs
Input and output data generation
Data normalization
Selection of neural network structure
Neural network training
Neural network validation
27. What Data To Be Used?
Main features (attributes) of
network packet stream
Take a set of network packets
Determine main features to be analyzed
from packet header (and packet data)
28. ……....Pi+1 Pi+2 PrPk+1 Pk+2 Pk+N
PzPi Pz-1Pz-2Pj
…… ……
Packet stream
P
Window
Window Packets
Features Vector
Attributes
Extraction
…
Window size: 50 - 500
Features vector size: 10 - 50
Features Extraction of Window Based
Packet Stream
29. ……....Pi+1 Pi+2 PrPk+1 Pk+2 Pk+N
PzPi Pz-1Pz-2Pj
…… ……
Packet stream
P
Window
Window Packets
Features Vector
Attributes
Extraction
…
Window size: 50 - 500
Features vector size: 10 - 50
Features of Window Based Packet Stream
Features are chosen such
that their values change
perceivably in normal and
intrusive conditions.
30. ……....Pi+1 Pi+2 PrPk+1 Pk+2 Pk+N
PzPi Pz-1Pz-2Pj
…… ……
Packet stream
P
Window
Attributes
Extraction
Number of IP addresses
Packet Stream Features
Number of protocols and types
Network service on destination. http, telnet
Number of packets with 0 data length
Average data length
Average window size
Number of packets with 0 window size
Number of packets with 0 data length Number of failed login attempts
Number of wrong fragments
Number of urgent packets
Number of data bytes from source to destination
Number of data bytes from destination to source
Number of file creation operations
Number of connections with SYN errors
Number of coonections to the same service
…….... ……....
31. Neural Network for Intrusion Detection
Inputs Outputs
Window packet
features vector
40 features
Code for every state
of the network
Intrusion : 0 1
Normal: 1 0
40 Inputs
2 Outputs
(Attack)
33. Neural Network Training and Validation
Training: 16000 input-output pairs
Validation: 5000 input (feature vectors)
Determining coefficients vij wjk
Computing network outputs for
every input and determining state
of network: normal or attack
40 Inputs 2 Outputs::
:
:
vij
wjk
34. Neural Network Validation
In validation (testing), inputs are different to those used in training
Input 1 Output : 0.85 0.15
1 0
Normal
Input 2 Output : 0.11 0.88
0 1
Attack
…...
40 Inputs 2 Outputs::
:
:
vij
wjk
35. Neural Network Validation
Normal 3000 94% 6%
Attack 2000 90% 10%
Correct
Detection
Rate
Detected
as Attack
Detected
as Normal
Number of
Tests
False positive (normal behavior is rejected) : 6%
False negative (attack considered as normal) : 10%
Intrusion Detection
36. Neural Network for Intrusion Detection
It is expected that any significantly deviation
from the normal behavior is considered an attack
It is expected to perform well detecting
unknown intrusions and even zero-day attacks
37. Neural Network for Attack Classification
From the previous neural network
an attack has been detected.
Now, it is required to determine the
type of attack
Denial of Service
User to Root
Remote to User
Probing
38. Neural Network for Attack Classification
Inputs Outputs
Window packet
features vector
40 features
Code for every type of attack
Denial of Service: 1 0 0 0
User to root: 0 1 0 0
Remote to user: 0 0 1 0
Probing: 0 0 0 1
40 Inputs
4 Outputs
40. Neural Network Training and Validation
Training: 6000 input-output pairs
Validation: 2000 input (feature vectors)
Determining coefficients vij wjk
Computing network outputs for
every input and determining
type of attack
:
:
:
40 Inputs 4 Outputs
:
vij wjk
41. Neural Network Validation
In validation (testing), inputs are different to those used in training
Input 1 Output : 0.85 0.15 0.24 0.01
1 0 0 0
Denial of service
Input 2 Output : 0.11 0.08 0.18 0.91
0 0 0 1
Probing
…...
:
:
:
40 Inputs 4 Outputs
:
vij wjk
42. Neural Network Validation
Denial of Service 600 91%
User to Root 500 81%
Remote to User 300 69%
Probing 600 90%
Correct
Detection
Rate
Number
of Tests
Type of Attack
Attack Classification
43. Data to Design and Evaluate IDS Systems
Own Generation
Knowledge Discovery and Data
Mining Tools Competition.
DARPA KDD Data Base
Standard benchmark for intrusion
detection evaluations.
44. Thank you for your
attention!
Antonio Moran, Ph.D.
amoran@ieee.org