SlideShare a Scribd company logo

Network behavioral clustering engine

Download as PPTX, PDF
R
rmnfll

Using online machine learning to empower organizations to get a clearer view of their networks.

TechnologyEducation
1 of 12
What do we do? We use machine learning to empower organizations to get a clearer view of their networks 2
What do we offer? › Network Behavioral Clustering Engine › NBCE is a set of technologies whose main objective is analyze the structural differences among normal and malicious traffic generated by cyber attacks and network intrusions. › BCE characterizes the normal traffic using clustering and propose how the normal traffic should look like at a specific point in time. 3
What do we use? Online machine learning. A paradigm shift ….00100110100101…. Online In memory Analytics Memory Memory Disk Off-line moves to Online Disk Only Analysis Results are stored Large Analysis process What’s the benefit? › Not all the generated data represents useful information › Historical information is not always available (E.g. Electric car adoption, new traffic in the network M2M) › Need to react instantly to meaningful changes in data. (E.g. trends on market stock exchange)
Intrusion/Attack detection › Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. › Incidents are violations or imminent threats of violation of: › computer security policies. › acceptable use policies. › standard security practices. › An intrusion detection system (IDS) is software that automates the intrusion detection process. › IDSs are primarily focuses on identifying possible incidents and detecting when an attacker has successfully compromised a system by exploiting vulnerability in the system.
Intrusion/Attack detection Detection approaches › Signature-Based Detection. › A signature is a pattern that corresponds to a known threat (e.g. a DoS attack). It is the process of comparing signatures against observed events to identify possible incidents. › Anomaly-Based Detection › The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. Capable of detecting previously unknown threats. It is not required to have a previous labeled dataset.
Using Clustering for Intrusion Detection A Set of Unlabeled Data Unsupervised Anomaly Detection Algorithm › Assumptions for unsupervised anomaly detection algorithm: Detected Intrusion Clusters Comparison with Detected Clusters › The intrusions are rare with respect to normal network traffic. › The intrusions are different from normal network traffic. › As a Result: › The intrusions will appear as outliers in the data. Detected malicious attacks
Using Clustering for Intrusion Detection › The unsupervised anomaly detection algorithm clusters the unlabeled data instances together into clusters using a simple distance-based metric. › Once data is clustered, all of the instances that appear in small clusters are labeled as anomalies because: › The normal instances should form large clusters compared to the intrusions, › Malicious intrusions and normal instances are qualitatively different, so they do not fall into the same cluster.
Metric & Normalization • Euclidean Metric (for distance computation) • Feature Normalization (to eliminate the difference in the scale of features) 9/29
Methodology › Feed the traffic data into the system › Distribute the traffic across the Turing Nodes › Red-Means Algorithm: › Feature selection › Run the distributed clustered algorithm › Dynamic cluster number discover › Major cluster metrics calculation › Collect the results from the nodes to a central point › Logistic Regression › Compare the results with the predictive model › Re-train the model if it required › Mark the current situation as normal or abnormal
NBCE Architecture Streaming Text/XML Files Kantor Nodes Turing Nodes Internal Comm system Picasso Node Communicator Red-Means Algorithm Comm External Sys Feature distribution Configuration File DB Access Internal Comm system SMNP Console SOAP Notification Logistic regression › Kantor is the › Turing is the core. It listener of the distributes the Turing Nodes system. It reads clustering algorithm, or listen from collects results and streaming, create a prediction sockets, text files model about how the or dbs. traffic should behave in the future. › Picasso is the data visualization component. It shows in a friendly manner how traffic looks like and how it will be.
Network behavioral clustering engine

Recommended

A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...Shakas Technologies
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...JPINFOTECH JAYAPRAKASH
 
Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...Mumbai Academisc
 
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...IEEEMEMTECHSTUDENTPROJECTS
 
Internet ttraffic monitering anomalous behiviour detection
Internet ttraffic monitering anomalous behiviour detectionInternet ttraffic monitering anomalous behiviour detection
Internet ttraffic monitering anomalous behiviour detectionGyan Prakash
 
Secure data aggregation technique for wireless
Secure data aggregation technique for wirelessSecure data aggregation technique for wireless
Secure data aggregation technique for wirelessjpstudcorner
 
JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...
JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...
JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...chennaijp
 
Mobile fraud detection using neural networks
Mobile fraud detection using neural networksMobile fraud detection using neural networks
Mobile fraud detection using neural networksVidhya Moorthy
 

Recommended

A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...Shakas Technologies
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...JPINFOTECH JAYAPRAKASH
 
Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...Evaluating the vulnerability of network traffic using joint security and rout...
Evaluating the vulnerability of network traffic using joint security and rout...Mumbai Academisc
 
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...IEEEMEMTECHSTUDENTPROJECTS
 
Internet ttraffic monitering anomalous behiviour detection
Internet ttraffic monitering anomalous behiviour detectionInternet ttraffic monitering anomalous behiviour detection
Internet ttraffic monitering anomalous behiviour detectionGyan Prakash
 
Secure data aggregation technique for wireless
Secure data aggregation technique for wirelessSecure data aggregation technique for wireless
Secure data aggregation technique for wirelessjpstudcorner
 
JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...
JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...
JPD1424 A System for Denial-of-Service Attack Detection Based on Multivariat...chennaijp
 
Mobile fraud detection using neural networks
Mobile fraud detection using neural networksMobile fraud detection using neural networks
Mobile fraud detection using neural networksVidhya Moorthy
 
Secure data aggregation technique for wireless sensor networks in the presenc...
Secure data aggregation technique for wireless sensor networks in the presenc...Secure data aggregation technique for wireless sensor networks in the presenc...
Secure data aggregation technique for wireless sensor networks in the presenc...LogicMindtech Nologies
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusionvinaykumar R
 
a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...swathi78
 
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...A system for-denial-of-service-attack-detection-based-on-multivariate-correla...
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...LeMeniz Infotech
 
Application of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionApplication of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionIOSR Journals
 
a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...swathi78
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET Journal
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...IGEEKS TECHNOLOGIES
 
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...IJCNCJournal
 
Chapter 1 organizing data vantage domain action and validity
Chapter 1 organizing data vantage domain action and validityChapter 1 organizing data vantage domain action and validity
Chapter 1 organizing data vantage domain action and validityPhu Nguyen
 
A data driven approach for monitoring network events
A data driven approach for monitoring network eventsA data driven approach for monitoring network events
A data driven approach for monitoring network eventsJisc
 
IRJET - Crime Analysis and Prediction - by using DBSCAN Algorithm
IRJET - Crime Analysis and Prediction - by using DBSCAN AlgorithmIRJET - Crime Analysis and Prediction - by using DBSCAN Algorithm
IRJET - Crime Analysis and Prediction - by using DBSCAN AlgorithmIRJET Journal
 
Iaetsd a survey on detecting denial-of-service attacks
Iaetsd a survey on detecting denial-of-service attacksIaetsd a survey on detecting denial-of-service attacks
Iaetsd a survey on detecting denial-of-service attacksIaetsd Iaetsd
 
A System for Denial of Service Attack Detection Based On Multivariate Corelat...
A System for Denial of Service Attack Detection Based On Multivariate Corelat...A System for Denial of Service Attack Detection Based On Multivariate Corelat...
A System for Denial of Service Attack Detection Based On Multivariate Corelat...IJCERT
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensicsSreekanth Narendran
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
fault localization in computer network..
fault localization in computer network..fault localization in computer network..
fault localization in computer network..CDAC PUNE
 
Network intrusion detection using supervised machine learning technique with ...
Network intrusion detection using supervised machine learning technique with ...Network intrusion detection using supervised machine learning technique with ...
Network intrusion detection using supervised machine learning technique with ...CloudTechnologies
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficeSAT Publishing House
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficeSAT Journals
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...IEEEGLOBALSOFTSTUDENTSPROJECTS
 

More Related Content

What's hot

Secure data aggregation technique for wireless sensor networks in the presenc...
Secure data aggregation technique for wireless sensor networks in the presenc...Secure data aggregation technique for wireless sensor networks in the presenc...
Secure data aggregation technique for wireless sensor networks in the presenc...LogicMindtech Nologies
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusionvinaykumar R
 
a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...swathi78
 
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...A system for-denial-of-service-attack-detection-based-on-multivariate-correla...
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...LeMeniz Infotech
 
Application of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionApplication of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionIOSR Journals
 
a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...swathi78
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET Journal
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...IGEEKS TECHNOLOGIES
 
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...IJCNCJournal
 
Chapter 1 organizing data vantage domain action and validity
Chapter 1 organizing data vantage domain action and validityChapter 1 organizing data vantage domain action and validity
Chapter 1 organizing data vantage domain action and validityPhu Nguyen
 
A data driven approach for monitoring network events
A data driven approach for monitoring network eventsA data driven approach for monitoring network events
A data driven approach for monitoring network eventsJisc
 
IRJET - Crime Analysis and Prediction - by using DBSCAN Algorithm
IRJET - Crime Analysis and Prediction - by using DBSCAN AlgorithmIRJET - Crime Analysis and Prediction - by using DBSCAN Algorithm
IRJET - Crime Analysis and Prediction - by using DBSCAN AlgorithmIRJET Journal
 
Iaetsd a survey on detecting denial-of-service attacks
Iaetsd a survey on detecting denial-of-service attacksIaetsd a survey on detecting denial-of-service attacks
Iaetsd a survey on detecting denial-of-service attacksIaetsd Iaetsd
 
A System for Denial of Service Attack Detection Based On Multivariate Corelat...
A System for Denial of Service Attack Detection Based On Multivariate Corelat...A System for Denial of Service Attack Detection Based On Multivariate Corelat...
A System for Denial of Service Attack Detection Based On Multivariate Corelat...IJCERT
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
fault localization in computer network..
fault localization in computer network..fault localization in computer network..
fault localization in computer network..CDAC PUNE
 
Network intrusion detection using supervised machine learning technique with ...
Network intrusion detection using supervised machine learning technique with ...Network intrusion detection using supervised machine learning technique with ...
Network intrusion detection using supervised machine learning technique with ...CloudTechnologies
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficeSAT Publishing House
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficeSAT Journals
 

What's hot (20)

Secure data aggregation technique for wireless sensor networks in the presenc...
Secure data aggregation technique for wireless sensor networks in the presenc...Secure data aggregation technique for wireless sensor networks in the presenc...
Secure data aggregation technique for wireless sensor networks in the presenc...
 
Icacci presentation-cnn intrusion
Icacci presentation-cnn intrusionIcacci presentation-cnn intrusion
Icacci presentation-cnn intrusion
 
a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...
 
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...A system for-denial-of-service-attack-detection-based-on-multivariate-correla...
A system for-denial-of-service-attack-detection-based-on-multivariate-correla...
 
Application of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion RecognitionApplication of Data Mining Technique in Invasion Recognition
Application of Data Mining Technique in Invasion Recognition
 
a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...a system for denial-of-service attack detection based on multivariate correla...
a system for denial-of-service attack detection based on multivariate correla...
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
 
A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...A system for denial of-service attack detection based on multivariate correla...
A system for denial of-service attack detection based on multivariate correla...
 
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
 
Chapter 1 organizing data vantage domain action and validity
Chapter 1 organizing data vantage domain action and validityChapter 1 organizing data vantage domain action and validity
Chapter 1 organizing data vantage domain action and validity
 
A data driven approach for monitoring network events
A data driven approach for monitoring network eventsA data driven approach for monitoring network events
A data driven approach for monitoring network events
 
IRJET - Crime Analysis and Prediction - by using DBSCAN Algorithm
IRJET - Crime Analysis and Prediction - by using DBSCAN AlgorithmIRJET - Crime Analysis and Prediction - by using DBSCAN Algorithm
IRJET - Crime Analysis and Prediction - by using DBSCAN Algorithm
 
Iaetsd a survey on detecting denial-of-service attacks
Iaetsd a survey on detecting denial-of-service attacksIaetsd a survey on detecting denial-of-service attacks
Iaetsd a survey on detecting denial-of-service attacks
 
A System for Denial of Service Attack Detection Based On Multivariate Corelat...
A System for Denial of Service Attack Detection Based On Multivariate Corelat...A System for Denial of Service Attack Detection Based On Multivariate Corelat...
A System for Denial of Service Attack Detection Based On Multivariate Corelat...
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensics
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
 
fault localization in computer network..
fault localization in computer network..fault localization in computer network..
fault localization in computer network..
 
Network intrusion detection using supervised machine learning technique with ...
Network intrusion detection using supervised machine learning technique with ...Network intrusion detection using supervised machine learning technique with ...
Network intrusion detection using supervised machine learning technique with ...
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network traffic
 
Online stream mining approach for clustering network traffic
Online stream mining approach for clustering network trafficOnline stream mining approach for clustering network traffic
Online stream mining approach for clustering network traffic
 

Similar to Network behavioral clustering engine

Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...IEEEGLOBALSOFTSTUDENTSPROJECTS
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxRineri1
 
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...IEEEMEMTECHSTUDENTPROJECTS
 
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...IEEEGLOBALSOFTSTUDENTSPROJECTS
 
Role of data mining in cyber security
Role of data mining in cyber securityRole of data mining in cyber security
Role of data mining in cyber securityKhaled Al-Khalili
 
Ids 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systemsIds 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systemsjyoti_lakhani
 
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET Journal
 
JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...
JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...
JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...chennaijp
 
A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...
A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...
A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...Shakas Technologies
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
IRJET- Genetic Algorithm based Intrusion Detection-Survey
IRJET- Genetic Algorithm based Intrusion Detection-SurveyIRJET- Genetic Algorithm based Intrusion Detection-Survey
IRJET- Genetic Algorithm based Intrusion Detection-SurveyIRJET Journal
 
Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...
Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...
Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...IJCSIS Research Publications
 
a probabilistic misbehavior detection scheme toward efficient trust establish...
a probabilistic misbehavior detection scheme toward efficient trust establish...a probabilistic misbehavior detection scheme toward efficient trust establish...
a probabilistic misbehavior detection scheme toward efficient trust establish...swathi78
 
DETECTING NETWORK ANOMALIES USING CUSUM and FCM
DETECTING NETWORK ANOMALIES USING CUSUM and FCMDETECTING NETWORK ANOMALIES USING CUSUM and FCM
DETECTING NETWORK ANOMALIES USING CUSUM and FCMEditor IJMTER
 
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...IJNSA Journal
 
A Survey On Intrusion Detection Systems
A Survey On Intrusion Detection SystemsA Survey On Intrusion Detection Systems
A Survey On Intrusion Detection SystemsMary Calkins
 
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.IRJET Journal
 

Similar to Network behavioral clustering engine (20)

Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networks
 
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A system-for-denial-of-service-...
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptx
 
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A probabilistic-misbehavior-de...
 
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...
2014 IEEE DOTNET PARALLEL DISTRIBUTED PROJECT A probabilistic-misbehavior-det...
 
Role of data mining in cyber security
Role of data mining in cyber securityRole of data mining in cyber security
Role of data mining in cyber security
 
Ids 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systemsIds 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systems
 
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
 
JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...
JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...
JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...
 
A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...
A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...
A_Measurement_Approach_for_Inline_Intrusion_Detection_of_Heartbleed-Like_Atta...
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
M41028892
M41028892M41028892
M41028892
 
IRJET- Genetic Algorithm based Intrusion Detection-Survey
IRJET- Genetic Algorithm based Intrusion Detection-SurveyIRJET- Genetic Algorithm based Intrusion Detection-Survey
IRJET- Genetic Algorithm based Intrusion Detection-Survey
 
Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...
Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...
Comparative Analysis of K-Means Data Mining and Outlier Detection Approach fo...
 
a probabilistic misbehavior detection scheme toward efficient trust establish...
a probabilistic misbehavior detection scheme toward efficient trust establish...a probabilistic misbehavior detection scheme toward efficient trust establish...
a probabilistic misbehavior detection scheme toward efficient trust establish...
 
DETECTING NETWORK ANOMALIES USING CUSUM and FCM
DETECTING NETWORK ANOMALIES USING CUSUM and FCMDETECTING NETWORK ANOMALIES USING CUSUM and FCM
DETECTING NETWORK ANOMALIES USING CUSUM and FCM
 
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
FORTIFICATION OF HYBRID INTRUSION DETECTION SYSTEM USING VARIANTS OF NEURAL ...
 
A Survey On Intrusion Detection Systems
A Survey On Intrusion Detection SystemsA Survey On Intrusion Detection Systems
A Survey On Intrusion Detection Systems
 
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS.
 

Recently uploaded

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Network behavioral clustering engine

  • 1.
  • 2. What do we do? We use machine learning to empower organizations to get a clearer view of their networks 2
  • 3. What do we offer? › Network Behavioral Clustering Engine › NBCE is a set of technologies whose main objective is analyze the structural differences among normal and malicious traffic generated by cyber attacks and network intrusions. › BCE characterizes the normal traffic using clustering and propose how the normal traffic should look like at a specific point in time. 3
  • 4. What do we use? Online machine learning. A paradigm shift ….00100110100101…. Online In memory Analytics Memory Memory Disk Off-line moves to Online Disk Only Analysis Results are stored Large Analysis process What’s the benefit? › Not all the generated data represents useful information › Historical information is not always available (E.g. Electric car adoption, new traffic in the network M2M) › Need to react instantly to meaningful changes in data. (E.g. trends on market stock exchange)
  • 5. Intrusion/Attack detection › Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. › Incidents are violations or imminent threats of violation of: › computer security policies. › acceptable use policies. › standard security practices. › An intrusion detection system (IDS) is software that automates the intrusion detection process. › IDSs are primarily focuses on identifying possible incidents and detecting when an attacker has successfully compromised a system by exploiting vulnerability in the system.
  • 6. Intrusion/Attack detection Detection approaches › Signature-Based Detection. › A signature is a pattern that corresponds to a known threat (e.g. a DoS attack). It is the process of comparing signatures against observed events to identify possible incidents. › Anomaly-Based Detection › The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. Capable of detecting previously unknown threats. It is not required to have a previous labeled dataset.
  • 7. Using Clustering for Intrusion Detection A Set of Unlabeled Data Unsupervised Anomaly Detection Algorithm › Assumptions for unsupervised anomaly detection algorithm: Detected Intrusion Clusters Comparison with Detected Clusters › The intrusions are rare with respect to normal network traffic. › The intrusions are different from normal network traffic. › As a Result: › The intrusions will appear as outliers in the data. Detected malicious attacks
  • 8. Using Clustering for Intrusion Detection › The unsupervised anomaly detection algorithm clusters the unlabeled data instances together into clusters using a simple distance-based metric. › Once data is clustered, all of the instances that appear in small clusters are labeled as anomalies because: › The normal instances should form large clusters compared to the intrusions, › Malicious intrusions and normal instances are qualitatively different, so they do not fall into the same cluster.
  • 9. Metric & Normalization • Euclidean Metric (for distance computation) • Feature Normalization (to eliminate the difference in the scale of features) 9/29
  • 10. Methodology › Feed the traffic data into the system › Distribute the traffic across the Turing Nodes › Red-Means Algorithm: › Feature selection › Run the distributed clustered algorithm › Dynamic cluster number discover › Major cluster metrics calculation › Collect the results from the nodes to a central point › Logistic Regression › Compare the results with the predictive model › Re-train the model if it required › Mark the current situation as normal or abnormal
  • 11. NBCE Architecture Streaming Text/XML Files Kantor Nodes Turing Nodes Internal Comm system Picasso Node Communicator Red-Means Algorithm Comm External Sys Feature distribution Configuration File DB Access Internal Comm system SMNP Console SOAP Notification Logistic regression › Kantor is the › Turing is the core. It listener of the distributes the Turing Nodes system. It reads clustering algorithm, or listen from collects results and streaming, create a prediction sockets, text files model about how the or dbs. traffic should behave in the future. › Picasso is the data visualization component. It shows in a friendly manner how traffic looks like and how it will be.

Editor's Notes

  1. The intrusions are rare with respect to normal network traffic, numberof normal instances is much bigger than number of intrusioninstances. The intrusions are different from normal network traffic, which means intrusionsare qualitatively different from the normal instances.