Intrusion Detection System: Facts, Challenges and Futures. By Gina Tjhai 13 th March 2007 Network Research Group

Similar documents
Adaptive Alarm Filtering by Causal Correlation Consideration in Intrusion Detection*

EE04 804(B) Soft Computing Ver. 1.2 Class 1. Introduction February 21st,2012. Sasidharan Sreedharan

Intrusion Detection: Eliminating False Alarms

Detection of Temporal Dependencies in Alarm Time Series of Industrial Plants

An improved Algorithm of Generating Network Intrusion Detector Li Ma 1, a, Yan Chen 1, b

An Alarm Correlation Algorithm for Network Management Based on Root Cause Analysis

Immunity inspired Cooperative Agent based Security System

Using Neural Networks for Alarm Correlation in Cellular Phone Networks

Real time Video Fire Detection using Spatio-Temporal Consistency Energy

Research Article Footstep and Vehicle Detection Using Seismic Sensors in Wireless Sensor Network: Field Tests

Applied Data Science: Using Machine Learning for Alarm Verification

Neuro Fuzzy Soft Computing Solution Manual

Autonomous Environment Control System using Fuzzy Logic

International Journal of Research Available at

A Forest Fire Warning Method Based on Fire Dangerous Rating Dan Wang 1, a, Lei Xu 1, b*, Yuanyuan Zhou 1, c, Zhifu Gao 1, d

ON-LINE SENSOR CALIBRATION MONITORING AND FAULT DETECTION FOR CHEMICAL PROCESSES

Topic: Alarm Reduction and Correlation in IDS

Alarm Correlation Research and Implementation Based on Similar Data Sources

Developing a railway station safety control automation system

SCIENCE BASED OPEN ELECTIVES EOE-031/EOE-041: INTRODUCTION TO SOFT COMPUTING (Neural Networks, Fuzzy Logic and Genetic Algorithm)

Bringing Smarts to Methane Emissions Detection

Current SEI SAT Initiative Technology Investigations. Architecture-Related Technology. Current SEI SAT Initiative Technology Investigations 5/1/2008

Ordered Fuzzy ARTMAP: A Fuzzy ARTMAP algorithm with a fixed order

Video Analytics Technology for Disaster Management and Security Solutions

ANALYSIS OF OTDR MEASUREMENT DATA WITH WAVELET TRANSFORM. Hüseyin ACAR *

Performance Neuro-Fuzzy for Power System Fault Location

REDUCING FALSE ALARM USING HYBRID INTRUSION DETECTION BASED ON X-MEANS CLUSTERING AND RANDOM FOREST CLASSIFICATION

GASSONIC Ultrasonic Gas Leak Detection. How fast does your Gas Detection System detect leaks? Because every life has a purpose...

Procedia - Social and Behavioral Sciences 195 ( 2015 ) World Conference on Technology, Innovation and Entrepreneurship

AS a principal element of a large-scale power plant, it is essential

Fire Detection Using Image Processing

Negative Selection Algorithm for Aircraft Fault Detection

Expert System for Mine Supervising Staff Fire Hazard Monitoring and Fire - Fighting

Night-time Vehicle Detection for Automatic Headlight Beam Control

SYNERGY IN LEAK DETECTION: COMBINING LEAK DETECTION TECHNOLOGIES THAT USE DIFFERENT PHYSICAL PRINCIPLES

The Effects of Algorithmic Diversity on Anomaly Detector Performance

THE EFFECTS OF HUMIDITY, COMPRESSOR OPERATION TIME AND AMBIENT TEMPERATURE ON FROST FORMATION IN AN INDUSTRIAL FRIDGE *

To appear in the IEEE/IFIP 1996 Network Operations and Management. Symposium (NOMS'96), Kyoto, Japan, April TASA: Telecommunication

EVACUATION MODELLING IN ROAD TUNNEL FIRES

Dynamic Simulation of Double Pipe Heat Exchanger using MATLAB simulink

Chapter 2 Theory and Background

Numerical Studies On The Performance Of Methanol Based Air To Air Heat Pipe Heat Exchanger

Simulation study of evacuation in high-rise buildings

Video Smoke Detection using Deep Domain Adaptation Enhanced with Synthetic Smoke Images

1066. A self-adaptive alarm method for tool condition monitoring based on Parzen window estimation

Improving rail network velocity: A machine learning approach to predictive maintenance

Plowing the Streets of Pittsburgh

Optimized Residential Loads Scheduling Based On Dynamic Pricing Of Electricity : A Simulation Study

On the Applicability of Correlation Filters for Appliance Detection in Smart Meter Readings

Use of Autoassociative Neural Networks for Signal Validation

Study and development of an innovative 3G/4G wireless network analysis tool

Thermal Video Analysis for Fire Detection Using Shape Regularity and Intensity Saturation Features

STUDY ON THE CONTROL ALGORITHM OF THE HEAT PUMP SYSTEM FOR LOAD CHANGE

Methodology and Application of Pattern Mining in Multiple Alarm Flood Sequences

T-detector Maturation Algorithm with Overlap Rate

False Alarm Suppression in Early Prediction of Cardiac Arrhythmia

Performance Evaluation of Event Detection Solutions: the CREDS experience

A Study on Hierarchy of Spatial Configuration in Outpatient Department of General Hospital

Security Management System - Configuring Video Analytics

MODELLING AND OPTIMIZATION OF DIRECT EXPANSION AIR CONDITIONING SYSTEM FOR COMMERCIAL BUILDING ENERGY SAVING

IJSRD - International Journal for Scientific Research & Development Vol. 3, Issue 01, 2015 ISSN (online):

COMPUTATIONAL ANALYSIS AND GENERATION OF TRADITIONAL CHINESE PRIVATE GARDENS THROUGH SPACE SYNTAX AND PARAMETRIC DESIGN

REMOTE CONTROL AND MONITORING OF LANDMINES DETECTION ROBOTIC SYSTEM

Soft Computing. - Introduction - Andrea Bonarini

Neurofuzzy Computing aided Fault Diagnosis of Nuclear Power Reactors

Thermal comfort investigation on a naturally ventilated two- storey residential house in Malaysia

SMART EMERGENCY RESPONSE SYSTEM Ankitha Pille (Grad no. 5)

Home appliances simulator for smart home systems testing

International Journal of Advance Engineering and Research Development DESIGN OF TEXTILES INDUSTRIES BATCH MANGEMENT USING PLC AND SCADA

Hamidreza Rashidy Kanan. Electrical Engineering Department, Bu-Ali Sina University

INTRODUCTION TO ROBOTICS

Early Forest Fire Detection with Sensor Networks: Sliding Window Skylines Approach *

Fuzzy Logic Based Coolant Leak Detection

Benefits of Enhanced Event Analysis in. Mark Miller

2018 Voluntary Page and Overlength Article Charges Updated 3/14/18

Implementation of Artificial Neural Fuzzy Inference System in a Real Time Fire Detection Mechanism

VIBstudio is an intelligent platform for online condition monitoring, failure protection and vibration-based diagnostics of machinery.

Alarm Analysis with Fuzzy Logic and Multilevel Flow Models

Research on Evaluation of Fire Detection Algorithms

How to Use Fire Risk Assessment Tools to Evaluate Performance Based Designs

GM Ultrasonic Gas Leak Detection Gas Detection at the Speed of Sound. How fast does your Gas Detection System detect leaks?

Air Distribution and Ventilation Effectiveness in a room with Floor/Ceiling Heating and Mixing/Displacement Ventilation

Smart Surveillance System using Background Subtraction Technique in IoT Application

Integrated Knowledge Base Tool for Acquisition and. Verification of NPP Alarm Systems

Fire Dynamics Simulation and Evacuation for a Large Shopping Center (Mall), Part II, Evacuation Scenarios

A Method for Predicting the Matric Suction of Unsaturated Soils with Soil Color Recognition

IDS RainStorm: Visualizing IDS Alarms. Kulsoom Abdullah, Chris Lee, Gregory Conti, John A. Copeland, John Stasko

A Generalized Delay-timer for Alarm Triggering

Design of the Fiber-optic Fence Warning System with Distributed Video Real-Time Display Function Qiang-yi YI and Zheng-hong YU *

Leak Detection. Ron Threlfall Manager, Leak Detection, Maintenance and Integration

Personalized Energy Auditor: Estimating Personal Electricity Usage

Impact of Supervisory Gas Pressure on Dry Pipe Sprinkler System Water Delivery Time. Steve Wolin Director, Development and Compliance

a high level of operational reliability), and the designer (in performing probabilistic-based

Vision Based Intelligent Fire Detection System

Soft Computing. Introduction. Andrea Bonarini

Application of Golay Coded Pulse Compression in Air-coupled Ultrasonic Testing of Flexible Package Seal Defect

Accurate Fire Detection System for Various Environments using Gaussian Mixture Model and HSV Space

A Model of the Population of Fire Detection Equipment Based on the Geometry of the Building Stock

LPG GAS LEAKAGE DETECTION, MONITORING AND CONTROL USING LabVIEW

A Trust Management based Framework for Fault-tolerant Barrier Coverage in Sensor Networks

Transcription:

Intrusion Detection System: Facts, Challenges and Futures By Gina Tjhai 13 th March 2007 Network Research Group 1

Overview Introduction Challenges of current IDS Potential solutions Alarm Correlation Existing methods of Alarm Correlation Future IDS developments 2

Introduction What is actually Intrusion Detection System (IDS)? A component of computer and network infrastructure which is aimed at detecting attacks against computer systems and networks, or information system. IDS implementation: As a hardware installed on the network Or as an agent on an existing piece of hardware that is connected to the network. 3

Introduction Component of IDS Information Collection Detection Response Parameters of IDS Accuracy Performance Completeness 4

Introduction IDS Classification Sources Application-based Host-based Network-based Hybrid Detection Mechanism Misuse detection Anomaly based Hybrid Response Active Passive 5

Challenges of IDS Runtime limitations Specification of detection signatures Dependency on environment High rate of false alarms the limiting factor for the performance of an intrusion detection system Is fine-tuning effective? 6

Potential Solutions Data mining The creation of complex database which is used to record data related to specific activities. Through the data generated, a pattern or model will be developed by knowledge seeker based on the accumulated data processed by the algorithm implemented on the front end application. Examples: Applying the concept of root cause ( the reason for which alerts occur ) (Dain and Cunningham 2001) Sequential pattern mining and episode rules (Lee and Stolfo 2000) 7

Potential Solutions Machine learning technique Referring to a system capable of the autonomous acquisition and integration of knowledge Example: Alert Classification true positives and false positive (Pietraszek 2004) 8

Potential Solutions Co-simulation mechanism (based on a biological immune mechanism) (Qiao and Weixin 2002) Integrating the misuse detection technique with the anomaly detection technique Applying a co-stimulation mechanism Alarm Correlation 9

Alert Correlation Correlating alarms : combining the fragmented information contained in the alert sequences and interpreting the whole flow of alerts Functional requirements: Modifying alarms Suppressing alarms Clearing active alarms Generating new alarms Delaying alarms 10

Existing methods of Alarm Correlation Correlating alerts based on the prerequisites of intrusion providing a high level of representation of the correlated alerts, and thus reveals the structure of series of attacks. (Ning et al. 2001) Correlating alerts based on the similarities between alert features grouping alerts into scenario depending on the number of matching attributes from the most general to the most specific cases. (Debar and Wespi 2001) 11

Existing methods of Alarm Correlation Alarm correlation based on chronicle formalism multi-event correlation component using input IDS alerts (Morin and Debar 2003) Probabilistic approach to alert correlation providing a mathematical framework for fusing alerts that match closely but not perfectly (Valdes and Skinner 2001) 12

Future Development of IDS techniques Why use Artificial Intelligence? Flexibility (vs. threshold definition) Adaptability (vs. specific rules) Pattern Recognition (and detection of new patterns) Faster computing (faster than human) Learning abilities AI tools: Neural Network Fuzzy logic Others 13

Future Development of IDS techniques Artificial Neural Network Neural Network identifying the typical characteristics of system user and statistically identify significant variations from the user s established behaviours. Type of Neural Network Multilayer perceptron Self Organising Map Radial basis neural networks Support Vector Machine Other 14

Future Development of IDS techniques Potential implementation of Artificial Intelligence techniques on alert correlation: Multilayer perceptron and Support Vector Machine Probabilistic output of these methods support the causal relationships of alerts, which is helpful for constructing attack scenarios (Zhu and Ghorbani 2006) Fuzzy Cognitive Modelling A causal knowledge based reasoning mechanism with fuzzy cognitive modelling is used to correlate alerts by discovering causal relationships in alert data (Siraj and Vaughn 2005) 15

Conclusions The problem of high false alarm rate has become one of the most critical issues faced by IDS today. The future of IDS lies on data correlation Alarm correlation mechanism aims at acquiring intrusion detection alerts and relating them together to expose a more condensed view of the security issues. Artificial Intelligence plays an important role in improving the performance of IDS technology. 16

Conclusions Benefit of Artificial Intelligence: Flexibility (vs. threshold definition) Adaptability (vs. specific rules) Pattern Recognition (and detection of new patterns) Faster computing (faster than human) Learning abilities 17

References Allen, J., Christie, A. et al (2000), State of the Practice of Intrusion Detection Technologies, Technical Report CMU/SEI-99-TR-028, Carnegie Mellon University, available online: http://www.sei.cmu.edu/publications/documents/99.reports/99tr028/99tr02 8abstract.html, date visited: 22 January 2007 Lee, W., Stolfo, S.J. (2000), A Framework for Constructing Features and Models for Intrusion Detection Systems, ACM Transactions on Information and System Security 3(4) pp. 227-261 Pietraszek, T., Tanner, A. (2005), Data mining and machine learning - Towards reducing false positives in intrusion detection, Information security technical report [1363-4127] 10(3) pp. 169-183 Pietraszek, T.: Using Adaptive Alert Classification to Reduce False Positives inintrusion Detection. In Jonsson, E., Valdes, A., Almgren, M., eds.: RAID 04:Proc. 7th Symposium on Recent Advances in Intrusion Detection. Volume 3224 oflncs., Springer-Verlag (2004) 102 124 Julisch, K. (2001), Mining Alarm Clusters to Improve Alarm Handling Efficiency, In:ACSAC 01: Proc. 17th Annual Computer Security Applications Conference (AC-SAC), ACM Press pp. 12 21 Siraj, A., Vaughn, R. (2005), A Cognitive Model for Alert Correlation in a Distributed Environment Lecture Notes in Computer Science vol. 3495/2005, pp. 218-230 18

References Qiao, Y., Weixin, X.: A Network IDS with Low False Positive Rate. In Fogel,D.B., El-Sharkawi, M.A., Yao, X., Greenwood, G., Iba, H., Marrow, P., Shackleton,M., eds.: CEC 02: Proc. IEEE Congress on Evolutionary Computation, IEEE Computer Society Press (2002) 1121 1126 Ning, P., Reeves, D., Cui, Y. (2001) Correlating Alerts Using Prerequisites of Intrusions Technical Report TR-2001-13, North Carolina State University Debar H. and A. Wespi. (2001) Aggregation and Correlation of Intrusion- Detection Alerts, In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, Davis, CA, USA, pp. 85-103, October 2001 Valdes, A. and Skinner, K. (2001), Probabilistic Alert Correlation, In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, Davis, CA, USA, October, pp. 54-68 Morin, B., Debar, H., Correlation of Intrusion Symptoms: an Application of Chronicles (2003), Proceedings of the 6th symposium on Recent Advances in Intrusion Detection (RAID 2003), Carnegie Mellon University, Pittsburg, PA,. Springer LNCS 2820, pages 94-112. Zhu, B., Ghorbani, A. (2006), Alert Correlation for Extracting Attack Strategies, International Journal of Network Security 3(2), pp. 244-258 19

Q & A Thank You 20

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback