Intrusion Detection System
               with Artificial Intelligence
                                      Mario Castro Ponce

                 Universidad Pontificia Comillas de Madrid
                    FIST Conference - June 2004 edition
                   Sponsored by: MLP Private Finance




IDS with AI marioc@dsi.icai.upco.es                    FIST Conference - june 2004 edition– 1/28
Aim of the talk
1.      Show you a different approach to Intrusion
        Detection based on Artificial Intelligence
2.      Contact experts in the field to exchange ideas and
        maybe create a (pioneer!!!!) working group




Sketch of the talk
   What is an IDS?
   Architecture of a Vulnerability Detector
   Why use A.I.?
   Neurons and other animals
   Neural-IDS
   Fuzzy-Correlator
   Conclusions




What is an IDS?
  Any hardware, software, or combination thereof that
monitors a system or network of systems for malicious activity

      Main functions
          Dissuade
          Prevent
          Document
      Two kinds of IDS
          Host based
          Network based

Architecture of a Vulnerability Detector
     Example: OSSIM




Why use AI?
   The system manager's nightmare: false positives.
   Then? A.I. for three main reasons
      Flexibility (vs threshold definition)
      Adaptability (vs specific rules)
      Pattern recognition (and detection of new patterns)
   Moreover
      Fast computing (faster than humans, actually)
      Learning abilities.




Neurons and other animals


    AI tools
        Neural Networks
        Fuzzy Logic
        Other...

Artificial Neural networks
      Change of paradigm in computing science:

      Many dumb processors, each with a simple task to do, versus one
      (or a few) powerful, versatile processors

Neurons and artificial neurons




Main types of ANN
    Multilayer perceptrons
        (Figure: input layer, hidden layer, output layer)
    Self-organized maps
    Radial basis neural networks
    Other

Neural IDS
    Designed for DoS and port scan attacks
    IDS based on a multilayer perceptron
    Designing the tool
        (Figure: flow chart with the stages Analysis, Quantification,
        Topology, and Learning & validation, plus a feed-back arrow)

First scenario: Port scan
    Pouring rain analogy
        (Figure: packets from the same source @IP against the
        port numbers 21, 22, 23, 25, 80)

Second scenario: Denial of Service
    Pouring rain analogy
        (Figure: packets from the same source @IP against the
        port numbers 21, 22, 23, 25, 80)

Measures
    Visually the difference between them is clear. . . but
    quantitatively?
        Measures borrowed from Physics
            Statistical Mechanics
                Order = Low Entropy
                Disorder = High Entropy
            Solid State Physics (electronics)
                (Figure: atoms in an INSULATOR and in a CONDUCTOR)
            Disorder = High Entropy, CONDUCTOR
                (Figure: packets from the same source @IP against the
                port numbers 21, 22, 23, 25, 80)
            Order = Low Entropy, INSULATOR
                (Figure: packets from the same source @IP against the
                port numbers 21, 22, 23, 25, 80)
        Traffic parameters
            Packets per second
            Fraction of total packets to a port
            Inverse of the total number of packets
        All measures are evaluated within a time window.
        Parallel time windows: e.g., 15 sec, 30 sec, 5
        minutes, 30 minutes

Topology


    (Figure: network topology)
        Inputs: ENTROPY, IPR, PACKETS/SEC, FRACTION OF PACKETS, 1/PACKETS
        Outputs: PORT SCAN, DENIAL OF SERVICE, NONE

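The five inputs named on the Topology slide can be computed per source IP over parallel time windows, as in this added example (not code from the talk). It assumes that "IPR" means the inverse participation ratio (sum of squared port probabilities) and that "fraction of packets" is the share of the busiest port; the sample traffic is constructed.

```python
import math
from collections import Counter

def window_features(packets, start, length):
    """Features for one source IP over the window [start, start + length).

    packets: iterable of (timestamp_seconds, destination_port) tuples.
    Returns None when the window holds no packets.
    """
    ports = [port for ts, port in packets if start <= ts < start + length]
    total = len(ports)
    if total == 0:
        return None
    probs = [count / total for count in Counter(ports).values()]
    return {
        # Shannon entropy of the destination-port distribution, in bits.
        "entropy": -sum(p * math.log2(p) for p in probs) + 0.0,
        # Assumed reading of "IPR": inverse participation ratio, sum of p^2.
        "ipr": sum(p * p for p in probs),
        "packets_per_sec": total / length,
        # Assumed reading of "fraction of total packets to a port":
        # the share received by the busiest port.
        "max_port_fraction": max(probs),
        "inv_packets": 1.0 / total,
    }

def parallel_windows(packets, now, lengths=(15, 30, 300, 1800)):
    """Evaluate the same features over several windows that all end at `now`."""
    return {length: window_features(packets, now - length, length)
            for length in lengths}

# Constructed sample traffic, 15 seconds each, one source IP per list.
SCAN = [(i * 0.25, 1 + i) for i in range(60)]      # ports 1..60, one packet each
FLOOD = [(i / 3000.0, 80) for i in range(45000)]   # 3000 packets/sec to port 80

def demo():
    """Feature sets for both constructed traces, keyed by name and window length."""
    return {name: parallel_windows(pkts, now=15.0)
            for name, pkts in (("scan", SCAN), ("flood", FLOOD))}

if __name__ == "__main__":
    for name, by_window in demo().items():
        for length in (15, 30):
            print(name, length, by_window[length])
```

The scan spreads its packets over many ports (high entropy, low IPR) while the flood concentrates them on one port (zero entropy, IPR of 1), which is the separation the perceptron is asked to learn.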
Learning and testing

TYPE OF ATTACK        LEARNING PATTERNS     RATE OF SUCCESS
SEQUENTIAL SCAN              20                  100 %
SEQUENTIAL SCAN              50                  100 %
RANDOM SCAN                  20                  100 %
RANDOM SCAN                  50                  100 %
DoS                          20                  70 %
DoS                          50                  80 %
ALL                          20                  60 %
ALL                          50                  65 %

      Best choice: Specialized neural detectors

Fuzzy Logic
    Imitates human perception: Approximate reasoning
    Example: Air cooler
       Classical rules:
       IF Temperature > 25 THEN Switch-on
       IF Temperature < 21 THEN Switch-off
       ...
       Fuzzy rules:
       IF Temperature is high THEN Switch-on
       IF Temperature is too low THEN Switch-off
       ...
       More sophisticated fuzzy rules:
       IF Temperature is moderate AND my wife
       is very pregnant THEN Switch-on
       ...

Term sets and grade of membership
    Thresholds
        More than 3000 packets/sec ⇒ Possible DoS
        More than 5000 packets/sec ⇒ DoS!




    Term sets:
        (Figure: grade of membership, from 0 to 1, of the term "low"
        against VOLUME OF TRAFFIC; axis ticks at 0, 1000, 2000)

Fuzzy correlator: Preliminary work
    Aim of the research:

    Use the flexibility and human language features of Fuzzy
    Logic and include them in the OSSIM Correlation Engine

    Status: Preliminary definitions and procedures.

More on term sets
    Input variable: Volume of traffic

        Term sets: very low, low, normal, high, very high
        (Figure: grade of membership, from 0 to 1, against volume of
        traffic; axis ticks at 0, 1000, 2000, 3000, 4000, 5000)

More on term sets (II)
    Input variable: Number of visited ports

        Term sets: very low, low, normal, high, very high
        (Figure: grade of membership, from 0 to 1, against number of
        visited ports; axis ticks at 0, 2, 4, 6, 8, 10)

More on term sets (III)
    Output variable: DoS Attack?
        Term sets: improbable, maybe, almost sure
        (Figure: grade of membership, from 0 to 1; axis ticks at 0, 0.5, 1)

    Rules (example):

        IF traffic is high AND number of
        destination ports is low THEN DoS

    Evaluating rules gives the required answer
    'DoS Attack?': almost sure

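The three term-set slides and the example rule can be evaluated end to end with a small min/max fuzzy inference and centroid defuzzification, shown here as an added example (not code from the talk or from OSSIM). The triangular membership shapes, every rule except the first, and the function names are assumptions, since the slides' figures did not survive; `crisp` reproduces the two hard thresholds for comparison.

```python
def tri(x, left, peak, right):
    """Grade of membership of x in a triangular term set."""
    if x == peak:
        return 1.0
    if left < x < peak:
        return (x - left) / (peak - left)
    if peak < x < right:
        return (right - x) / (right - peak)
    return 0.0

def make_terms(names, lo, hi):
    """Evenly spaced, overlapping triangles with peaks from lo to hi (assumed shape)."""
    step = (hi - lo) / (len(names) - 1)
    return {name: (lo + (i - 1) * step, lo + i * step, lo + (i + 1) * step)
            for i, name in enumerate(names)}

def fuzzify(x, terms):
    """Map a crisp value to {term: grade}, clamping x to the variable's range."""
    peaks = [peak for _, peak, _ in terms.values()]
    x = min(max(x, min(peaks)), max(peaks))
    return {name: tri(x, *shape) for name, shape in terms.items()}

LEVELS = ("very low", "low", "normal", "high", "very high")
TRAFFIC = make_terms(LEVELS, 0, 5000)   # input: volume of traffic, packets/sec
PORTS = make_terms(LEVELS, 0, 10)       # input: number of visited ports
DOS = make_terms(("improbable", "maybe", "almost sure"), 0.0, 1.0)  # output

# (traffic term, ports term or None for "any", output term)
RULES = [
    ("high", "low", "almost sure"),        # the example rule on the slide
    ("high", "very low", "almost sure"),   # all remaining rules are assumed
    ("very high", "low", "almost sure"),
    ("very high", "very low", "almost sure"),
    ("high", "normal", "maybe"),
    ("very high", "normal", "maybe"),
    ("normal", None, "improbable"),
    ("low", None, "improbable"),
    ("very low", None, "improbable"),
]

def infer(traffic, ports):
    """Return (score in [0, 1], linguistic answer), or None if no rule fires."""
    t, p = fuzzify(traffic, TRAFFIC), fuzzify(ports, PORTS)
    activation = {name: 0.0 for name in DOS}
    for t_term, p_term, out in RULES:
        # AND is the minimum of the grades; rules with the same output combine by maximum.
        strength = t[t_term] if p_term is None else min(t[t_term], p[p_term])
        activation[out] = max(activation[out], strength)
    xs = [i / 200 for i in range(201)]
    mu = [max(min(activation[n], tri(x, *DOS[n])) for n in DOS) for x in xs]
    area = sum(mu)
    if area == 0:
        return None                        # e.g. high traffic spread over many ports
    score = sum(x * m for x, m in zip(xs, mu)) / area   # centroid of the clipped sets
    label = max(DOS, key=lambda n: tri(score, *DOS[n]))
    return score, label

def crisp(traffic):
    """The hard thresholds from the 'Term sets and grade of membership' slide."""
    if traffic > 5000:
        return "DoS!"
    if traffic > 3000:
        return "Possible DoS"
    return "none"

if __name__ == "__main__":
    for traffic, ports in ((3750, 2.5), (2999, 2), (3001, 2), (1000, 2), (5000, 10)):
        print(traffic, ports, crisp(traffic), infer(traffic, ports))
```

Around 3000 packets/sec the crisp answer flips between "none" and "Possible DoS", while the fuzzy score moves by a fraction of a percent.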
OSSIM Correlation Engine
    Characteristics
       Depends strongly on timers
       All the variants of an attack must be coded
       Cannot detect new attacks
       Complex syntax

Sample scenario: NETBIOS DCERPC ISystemActivator

   IF destination_ports = 135,445 THEN Generate Alarm with Reliability 1 and wait 60 seconds for next rule [TIME_OUT]

   AND IF DEST_IP and SRC_IP talk again THEN Alarm, Reliability 3 and wait 60 seconds for next rule [TIME_OUT]

   AND IF DEST_PORT and SRC_PORT talk again AND plugin_sid=2123 (CMD.EXE) THEN Alarm
   Reliability 6 and wait 60 seconds for next rule [TIME_OUT]

   AND FINALLY IF plugin_id=2002 and connection lasts more than 10 THEN Alarm with Reliability 10 [TIME_OUT]

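The four-step rule chain above behaves like a small state machine with a 60-second timer between steps, sketched here as an added example (not OSSIM's engine or directive syntax). The event field names, the per-(source, destination) tracking, the reading of step 3 as "same pair plus plugin_sid 2123", and the sample events are assumptions; it shows why the same events raise reliability 10 or only 3 depending on their spacing.

```python
TIMEOUT = 60  # seconds to wait for the next rule, as on the slide

# (reliability raised when the step matches, predicate on the event)
STEPS = [
    (1, lambda ev: ev.get("dst_port") in (135, 445)),
    (3, lambda ev: True),  # the same source and destination talk again
    (6, lambda ev: ev.get("plugin_sid") == 2123),
    (10, lambda ev: ev.get("plugin_id") == 2002 and ev.get("duration", 0) > 10),
]

def correlate(events, timeout=TIMEOUT):
    """Return [(timestamp, (src_ip, dst_ip), reliability)] for every alarm raised."""
    waiting = {}   # (src_ip, dst_ip) -> (index of next step, deadline)
    alarms = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        pair = (ev["src_ip"], ev["dst_ip"])
        step, deadline = waiting.get(pair, (0, None))
        if step > 0 and ev["ts"] > deadline:
            # TIME_OUT: the partial match is dropped and the chain restarts.
            del waiting[pair]
            step = 0
        reliability, matches = STEPS[step]
        if not matches(ev):
            continue   # keep waiting for the expected event until the timer expires
        alarms.append((ev["ts"], pair, reliability))
        if step + 1 < len(STEPS):
            waiting[pair] = (step + 1, ev["ts"] + timeout)
        else:
            waiting.pop(pair, None)   # chain completed
    return alarms

def reliabilities(events):
    """Only the reliability values, in the order the alarms were raised."""
    return [reliability for _, _, reliability in correlate(events)]

# Constructed sample events between one pair of documentation addresses.
PAIR = {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.20"}

def sample(t1, t2, t3, t4):
    """The same four events, with caller-chosen timestamps in seconds."""
    return [
        dict(PAIR, ts=t1, dst_port=135),
        dict(PAIR, ts=t2, dst_port=135),
        dict(PAIR, ts=t3, dst_port=135, plugin_sid=2123),
        dict(PAIR, ts=t4, dst_port=135, plugin_id=2002, duration=25),
    ]

FAST = sample(0, 5, 12, 30)    # every step arrives inside its 60-second timer
SLOW = sample(0, 5, 70, 88)    # the third event arrives 65 seconds after the second

if __name__ == "__main__":
    print("fast:", reliabilities(FAST))
    print("slow:", reliabilities(SLOW))
```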
Fuzzy Correlator revisited: Objectives
     Going beyond the sequential arrival of packets
     Integrating different sensors:
         SNORT
         Anomaly detection:
             Abnormal connection to an open port (firewall)
             Thresholds
             High traffic at nights or weekends, . . .
         Neural-IDS
         Other
     Defining rules according to Security Manager’s
     experience




Conclusions and open questions
    AI techniques are
         Flexible
         Suitable for pattern recognition
         Powerful (Neural-IDS)
         Easy to design (human language)
    But there is still a lot of work to do. . .
        We need more time
        We need more people
           Students
           Security experts (working group?)
        And of course. . . some money to pay for it

And that’s all folks. . .




5th International Conference on Signal and Image Processing (SIGI 2019) VLSICS Design
 
11th International Conference on Soft Computing, Artificial Intelligence and ...
11th International Conference on Soft Computing, Artificial Intelligence and ...11th International Conference on Soft Computing, Artificial Intelligence and ...
11th International Conference on Soft Computing, Artificial Intelligence and ...ijcsity
 

Similar to IDS with Artificial Intelligence (20)

6th International Conference on Image Processing and Pattern Recognition (IPP...
6th International Conference on Image Processing and Pattern Recognition (IPP...6th International Conference on Image Processing and Pattern Recognition (IPP...
6th International Conference on Image Processing and Pattern Recognition (IPP...
 
Call for papers - 9th International Conference on Signal, Image Processing an...
Call for papers - 9th International Conference on Signal, Image Processing an...Call for papers - 9th International Conference on Signal, Image Processing an...
Call for papers - 9th International Conference on Signal, Image Processing an...
 
Call for papers - 9th International Conference on Signal, Image Processing an...
Call for papers - 9th International Conference on Signal, Image Processing an...Call for papers - 9th International Conference on Signal, Image Processing an...
Call for papers - 9th International Conference on Signal, Image Processing an...
 
Rights Enforcement and Licensing Understanding for RDF Stores Aggregating Ope...
Rights Enforcement and Licensing Understanding for RDF Stores Aggregating Ope...Rights Enforcement and Licensing Understanding for RDF Stores Aggregating Ope...
Rights Enforcement and Licensing Understanding for RDF Stores Aggregating Ope...
 
6 th International Conference on Image Processing and Pattern Recognition (IP...
6 th International Conference on Image Processing and Pattern Recognition (IP...6 th International Conference on Image Processing and Pattern Recognition (IP...
6 th International Conference on Image Processing and Pattern Recognition (IP...
 
Micro-intelligence for the IoT: Teaching the Old Logic Dog New Programming Tr...
Micro-intelligence for the IoT: Teaching the Old Logic Dog New Programming Tr...Micro-intelligence for the IoT: Teaching the Old Logic Dog New Programming Tr...
Micro-intelligence for the IoT: Teaching the Old Logic Dog New Programming Tr...
 
8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)
 
CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)
CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)
CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)
 
8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)
 
3rd International Conference on Advances in Artificial Intelligence Techniqu...
 3rd International Conference on Advances in Artificial Intelligence Techniqu... 3rd International Conference on Advances in Artificial Intelligence Techniqu...
3rd International Conference on Advances in Artificial Intelligence Techniqu...
 
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
 
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
 
11th International Conference on Soft Computing, Artificial Intelligence and...
 11th International Conference on Soft Computing, Artificial Intelligence and... 11th International Conference on Soft Computing, Artificial Intelligence and...
11th International Conference on Soft Computing, Artificial Intelligence and...
 
8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)
 
Call for Papers - 8th International Conference on Signal and Image Processing...
Call for Papers - 8th International Conference on Signal and Image Processing...Call for Papers - 8th International Conference on Signal and Image Processing...
Call for Papers - 8th International Conference on Signal and Image Processing...
 
Call For Papers - 10th International Conference on Soft Computing, Artificial...
Call For Papers - 10th International Conference on Soft Computing, Artificial...Call For Papers - 10th International Conference on Soft Computing, Artificial...
Call For Papers - 10th International Conference on Soft Computing, Artificial...
 
8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)
 
6th International Conference on Image Processing and Pattern Recognition (IPP...
6th International Conference on Image Processing and Pattern Recognition (IPP...6th International Conference on Image Processing and Pattern Recognition (IPP...
6th International Conference on Image Processing and Pattern Recognition (IPP...
 
5th International Conference on Signal and Image Processing (SIGI 2019)
5th International Conference on Signal and Image Processing (SIGI 2019) 5th International Conference on Signal and Image Processing (SIGI 2019)
5th International Conference on Signal and Image Processing (SIGI 2019)
 
11th International Conference on Soft Computing, Artificial Intelligence and ...
11th International Conference on Soft Computing, Artificial Intelligence and ...11th International Conference on Soft Computing, Artificial Intelligence and ...
11th International Conference on Soft Computing, Artificial Intelligence and ...
 

More from Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

More from Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

IDS with Artificial Intelligence

  • 1. Intrusion Detection System with Artificial Intelligence Mario Castro Ponce Universidad Pontificia Comillas de Madrid FIST Conference - June 2004 edition Sponsored by: MLP Private Finance IDS with AI marioc@dsi.icai.upco.es FIST Conference - june 2004 edition– 1/28
  • 2. Aim of the talk 1. Show you a different approach to Intrusion Detection based on Artificial Intelligence 2. Contact experts in the field to exchange ideas and maybe create a (pioneer!!!!) working group
  • 3. Sketch of the talk: What is an IDS?; Architecture of a Vulnerability Detector; Why using A.I.?; Neurons and other animals; Neural-IDS; Fuzzy-Correlator; Conclusions
  • 4. What is an IDS? Any hardware, software, or combination thereof that monitors a system or network of systems for malicious activity
  • 5. What is an IDS? Any hardware, software, or combination thereof that monitors a system or network of systems for malicious activity. Main functions: Dissuade, Prevent, Document
  • 6. What is an IDS? Any hardware, software, or combination thereof that monitors a system or network of systems for malicious activity. Main functions: Dissuade, Prevent, Document. Two kinds of IDS: Host based, Network based
  • 7. Architecture of a Vulnerability Detector. Example: OSSIM
  • 8. Why using AI? The system manager nightmare: The false positives.
  • 9. Why using AI? The system manager nightmare: The false positives. Then? A.I. for three main reasons: Flexibility (vs threshold definition); Adaptability (vs specific rules); Pattern recognition (and detection of new patterns)
  • 10. Why using AI? The system manager nightmare: The false positives. Then? A.I. for three main reasons: Flexibility (vs threshold definition); Adaptability (vs specific rules); Pattern recognition (and detection of new patterns). Moreover: Fast computing (faster than humans, actually); Learning abilities.
  • 11. Neurons and other animals. AI TOOLS: Neural Networks; Fuzzy Logic; Other...
  • 12. Artificial Neural networks. Change of paradigm in computing science: Many dummy processors with a simple task to do against one (or few) powerful versatile processors
  • 13. Neurons and artificial neurons
  • 14. Main types of ANN: Multilayer perceptrons (figure labels: INPUT LAYER, HIDDEN LAYER, OUTPUT LAYER); Self-organized maps; Radial basis neural networks; Other
  • 15. Neural IDS. Designed for DoS and port scan attacks. IDS based on a multilayer perceptron
  • 16. Neural IDS. Designed for DoS and port scan attacks. IDS based on a multilayer perceptron. Designing the tool: Analysis; Quantification; Topology; Learning & validation (figure label: feed-back)
  • 17. First scenario: Port scan. Pouring rain analogy (figure: packets from the same source @IP over PORT NUMBERS 21, 22, 23, 25, 80)
  • 18. Second scenario: Denial of Service. Pouring rain analogy (figure: packets from the same source @IP over PORT NUMBERS 21, 22, 23, 25, 80)
  • 19. Measures. Visually the difference between them is clear... but quantitatively?
  • 20. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics
  • 21. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics. Statistical Mechanics: Order = Low Entropy; Disorder = High Entropy
  • 22. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics. Solid State Physics (electronics) (figure labels: ATOMS, INSULATOR; ATOMS, CONDUCTOR)
  • 23. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics (figure: packets from the same source @IP over PORT NUMBERS 21, 22, 23, 25, 80; Disorder = High Entropy; CONDUCTOR)
  • 24. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics (figure: packets from the same source @IP over PORT NUMBERS 21, 22, 23, 25, 80; Order = Low Entropy; INSULATOR)
  • 25. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics. Traffic parameters: Packets per second; Fraction of total packets to a port; Inverse of the total number of packets
  • 26. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics. Traffic parameters: Packets per second; Fraction of total packets to a port; Inverse of the total number of packets. All measures are evaluated within a time window. Parallel time windows: e.g., 15 sec, 30 sec, 5 minutes, 30 minutes
  • 27. Topology (figure labels: ENTROPY, IPR, PACKETS/SEC, FRACTION OF PACKETS, 1/PACKETS; PORT SCAN, DENIAL OF SERVICE, NONE)
  • 28. Learning and testing
      TYPE OF ATTACK  | LEARNING PATTERNS | RATE OF SUCCESS
      SEQUENTIAL SCAN | 20                | 100 %
      SEQUENTIAL SCAN | 50                | 100 %
      RANDOM SCAN     | 20                | 100 %
      RANDOM SCAN     | 50                | 100 %
      DoS             | 20                | 70 %
      DoS             | 50                | 80 %
      ALL             | 20                | 60 %
      ALL             | 50                | 65 %
  • 29. Learning and testing
      TYPE OF ATTACK  | LEARNING PATTERNS | RATE OF SUCCESS
      SEQUENTIAL SCAN | 20                | 100 %
      SEQUENTIAL SCAN | 50                | 100 %
      RANDOM SCAN     | 20                | 100 %
      RANDOM SCAN     | 50                | 100 %
      DoS             | 20                | 70 %
      DoS             | 50                | 80 %
      ALL             | 20                | 60 %
      ALL             | 50                | 65 %
      Best choice: Specialized neural detectors
  • 30. Fuzzy Logic. Imitates human perception: Approximate reasoning
  • 31. Fuzzy Logic. Imitates human perception: Approximate reasoning. Example: Air cooler. Classical rules: IF Temperature > 25 THEN Switch-on; IF Temperature < 21 THEN Switch-off; ...
  • 32. Fuzzy Logic. Imitates human perception: Approximate reasoning. Example: Air cooler. Classical rules: IF Temperature > 25 THEN Switch-on; IF Temperature < 21 THEN Switch-off; ... Fuzzy rules: IF Temperature is high THEN Switch-on; IF Temperature is too low THEN Switch-off; ...
  • 33. Fuzzy Logic. Imitates human perception: Approximate reasoning. Example: Air cooler. Classical rules: IF Temperature > 25 THEN Switch-on; IF Temperature < 21 THEN Switch-off; ... Fuzzy rules: IF Temperature is high THEN Switch-on; IF Temperature is too low THEN Switch-off; ... More sophisticated fuzzy rules: IF Temperature is moderate AND my wife is very pregnant THEN Switch-on; ...
  • 34. Term sets and grade of membership. Thresholds: More than 3000 packets/sec ⇒ Possible DoS; More than 5000 packets/sec ⇒ DoS!
  • 35. Term sets and grade of membership. Thresholds: More than 3000 packets/sec ⇒ Possible DoS; More than 5000 packets/sec ⇒ DoS! Term sets (figure: grade of membership from 0 to 1 against VOLUME OF TRAFFIC, axis ticks 0, 1000, 2000; term set "low")
  • 37. Fuzzy correlator: Preliminary work. Aim of the research: use the flexibility and human-language features of Fuzzy Logic and include them in the OSSIM Correlation Engine. Status: preliminary definitions and procedures.
  • 38. More on term sets. Input variable: Volume of traffic. Terms: very low, low, normal, high, very high. [Figure: grade of membership (0 to 1) against volume of traffic, axis 0, 1000, 2000, 3000, 4000, 5000.]
  • 39. More on term sets (II). Input variable: Number of visited ports. Terms: very low, low, normal, high, very high. [Figure: grade of membership (0 to 1) against number of visited ports, axis 0, 2, 4, 6, 8, 10.]
  • 40. More on term sets (III). Output variable: DoS Attack? Terms: improbable, maybe, almost sure. [Figure: grade of membership (0 to 1) on an axis 0, 0.5, 1.] Rules (example): IF traffic is high AND number of destination ports is low THEN DoS. Evaluating rules gives the required answer 'DoS Attack?': almost sure.
  • 41. OSSIM Correlation Engine: characteristics. Depends strongly on timers; all the variants of an attack must be coded; cannot detect new attacks; complex syntax.
  • 43. Sample scenario: NETBIOS DCERPC ISystemActivator [diagram of four chained rules, with four TIME_OUT labels]
      IF destination_ports = 135,445 THEN Generate Alarm with Reliability 1 and wait 60 seconds for next rule
      AND IF DEST_IP and SRC_IP talk again THEN Alarm, Reliability 3 and wait 60 seconds for next rule
      AND IF DEST_PORT and SRC_PORT talk again AND plugin_sid=2123 (CMD.EXE) THEN Alarm, Reliability 6 and wait 60 seconds for next rule
      AND FINALLY IF plugin_id=2002 and connection lasts more than 10 THEN Alarm with Reliability 10
  • 46. Fuzzy Correlator revisited: Objectives. Going beyond the sequential arrival of packets. Integrating different sensors: SNORT; Anomaly detection: abnormal connection to an open port (firewall); Thresholds: high traffic at nights or weekends, ...; Neural-IDS; Other. Defining rules according to Security Manager’s experience.
  • 50. Conclusions and open questions. AI techniques are: flexible; suitable for pattern recognition; powerful (Neural-IDS); easy to design (human language). But there is still a lot of work to do... We need more time. We need more people: students, security experts (working group?). And of course... some money to pay it.
  • 51. And that’s all folks...
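
The hard thresholds on slide 34 and the fuzzy rule on slide 40, worked through as an added example that is not part of the original slides. The evenly spaced triangular term sets and the way the result is named are assumptions, because the membership plots did not survive in this transcript.

```python
# Added example (not from the slides): crisp thresholds from slide 34 versus
# the fuzzy rule from slide 40. Term-set shapes are ASSUMED: evenly spaced
# triangles, because the original membership plots did not survive.

INPUT_TERMS = ["very low", "low", "normal", "high", "very high"]
OUTPUT_TERMS = ["improbable", "maybe", "almost sure"]


def fuzzify(x, lo, hi, terms):
    """Return {term: grade of membership} for x on the range [lo, hi]."""
    step = (hi - lo) / (len(terms) - 1)
    x = min(max(x, lo), hi)  # values past the range saturate the end terms
    return {
        term: max(0.0, 1.0 - abs(x - (lo + i * step)) / step)
        for i, term in enumerate(terms)
    }


def crisp_alarm(packets_per_sec):
    """Slide 34 thresholds: a hard cut, with no notion of 'nearly'."""
    if packets_per_sec > 5000:
        return "DoS!"
    if packets_per_sec > 3000:
        return "Possible DoS"
    return None


def dos_rule(packets_per_sec, visited_ports):
    """IF traffic is high AND number of destination ports is low THEN DoS."""
    traffic = fuzzify(packets_per_sec, 0, 5000, INPUT_TERMS)
    ports = fuzzify(visited_ports, 0, 10, INPUT_TERMS)
    strength = min(traffic["high"], ports["low"])  # fuzzy AND = minimum
    # ASSUMED read-out: name the output term in which the strength scores highest.
    answer = fuzzify(strength, 0.0, 1.0, OUTPUT_TERMS)
    return strength, max(answer, key=answer.get)


if __name__ == "__main__":
    # Constructed samples: (packets/sec, number of visited ports)
    for pps, nports in [(2999, 2), (3001, 2), (3750, 2.5), (3750, 9), (800, 1)]:
        strength, label = dos_rule(pps, nports)
        print(f"{pps:>5} pps, {nports:>3} ports: crisp={crisp_alarm(pps)!s:<13}"
              f" fuzzy={strength:.2f} ({label})")
```

Between 2999 and 3001 packets/sec the crisp rule flips from no alarm to "Possible DoS", while the fuzzy grade moves by less than 0.01.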
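
The four-stage rule on slide 43, modelled as an added example (not OSSIM directive syntax or engine code) to show how the outcome depends on the 60-second timers noted on slide 41. The event field names, the chain per address pair and the sample events are assumptions; the duration unit is left unspecified, as on the slide.

```python
# Added example: simplified model of the four-stage rule on slide 43; this is
# not OSSIM directive syntax or engine code. ASSUMED: the event field names,
# one chain per (src_ip, dst_ip), and "talk again" meaning a later event with
# the same addresses/ports as the event that opened the chain.

TIMEOUT = 60  # "wait 60 seconds for next rule"

STAGES = [  # (reliability, predicate(event, first_event_of_chain))
    (1, lambda e, f: e["dst_port"] in (135, 445)),
    (3, lambda e, f: True),  # same src/dst IP is guaranteed by the chain key
    (6, lambda e, f: (e["src_port"], e["dst_port"]) == (f["src_port"], f["dst_port"])
        and e["plugin_sid"] == 2123),
    (10, lambda e, f: e["plugin_id"] == 2002 and e["duration"] > 10),
]


def correlate(events):
    """Return (time, reliability) alarms for time-ordered events."""
    chains, alarms = {}, []  # key -> (next stage, time of last match, first event)
    for e in events:
        key = (e["src_ip"], e["dst_ip"])
        stage, last, first = chains.get(key, (0, None, e))
        if stage and e["time"] - last > TIMEOUT:
            del chains[key]          # TIME_OUT: the chain is forgotten
            stage, first = 0, e
        reliability, matches = STAGES[stage]
        if matches(e, first):
            alarms.append((e["time"], reliability))
            if stage + 1 < len(STAGES):
                chains[key] = (stage + 1, e["time"], first)
            else:
                chains.pop(key, None)  # chain complete
    return alarms


def event(time, dst_port, plugin_id=0, plugin_sid=0, duration=0):
    """Constructed event; addresses, source port and default ids are placeholders."""
    return dict(time=time, src_ip="192.0.2.10", dst_ip="192.0.2.20", src_port=40000,
                dst_port=dst_port, plugin_id=plugin_id, plugin_sid=plugin_sid,
                duration=duration)


def sample(gap):
    """The same four constructed events, spaced `gap` seconds apart."""
    return [event(0, 135), event(gap, 135), event(2 * gap, 135, plugin_sid=2123),
            event(3 * gap, 135, plugin_id=2002, duration=15)]


if __name__ == "__main__":
    print(correlate(sample(20)))  # stages arrive inside the 60 s windows
    print(correlate(sample(90)))  # every window expires before the next stage
```

With 20-second spacing the reliability climbs 1, 3, 6, 10; with 90-second spacing the same events never rise above reliability 1, which is the timer dependence a correlator fed by several sensors has to account for.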