Casting out Demons: Sanitizing Training Data for Anomaly Sensors
Transcription
1 Casting out Demons: Sanitizing Training Data for Anomaly Sensors
Angelos Stavrou, Department of Computer Science, George Mason University
Joint work with Gabriela Cretu, Michael E. Locasto, Salvatore J. Stolfo and Angelos D. Keromytis
2 Anomaly Detection (AD) Systems
- Supervised: dependent on labeled data, which cannot be prepared for large data sets, e.g. network packets
- Semi-supervised: a third-party sensor labels some data as known bad; dependent on clean data for training
- Unsupervised: can clean the data by determining the outliers in the training data; no good definition of an anomaly other than low-probability data
3 Motivation
- Detection of zero-day attacks (using only an AD system)
- Detection accuracy of all learning-based anomaly detectors depends heavily on the quality of the training data
- Training data is often poor, severely degrading the AD's reliability as a detection and forensic analysis tool
4 Rest of the Talk
- Intuition
- Local Training Sanitization
- Distributed Cross-Sanitization
- Future work
- Conclusions
5 Intuition
- Patterns of actions are reflected in traces: regular (what we expect based on previous observations) vs. abnormal (unlikely data requiring further investigation)
- An attack can pass as normal traffic if it is part of the training set
- Sanitize the training data by using a large set of micro-models, so that attacks and non-regular data cause only a localized or limited pollution of the training data
6 Training Dataset Sanitization
- Attacks and accidental malformed requests/data cause a local pollution of the training data
- An attack can pass as normal traffic if it is part of the training set
- We seek to remove both malicious and abnormal data from the training dataset
- Related ML algorithms: ensemble methods [Dietterich00], MetaCost [Domingos99], meta-learning [Stolfo00]
7 Training Strategies: Uniform Time
- Divide the data into multiple blocks (micro-datasets) with the same time granularity

8 Training Strategies: Multiple Models
- Divide the data into multiple blocks
- Build a micro-model for each block (µM_1 ... µM_K)
- Attacks and non-regular data cause only localized pollution
[Figure: K micro-models µM_1 ... µM_K, one per block]

9 Training Strategies: Voting Models
- Divide the data into multiple blocks
- Build a micro-model for each block
- Test all models against a smaller dataset and combine their verdicts with a voting algorithm
- Simple voting: all micro-models carry the same weight
- Weighted voting: w_i = number of packets used for training µM_i
[Figure: micro-models µM_1 ... µM_K feeding the voting algorithm]

10 Training Strategies: Sanitization
- Divide the data into multiple blocks
- Build a micro-model for each block
- Test all models against a smaller dataset
- Build the sanitized model and the abnormal model from the vote, using V = voting threshold
[Figure: training phase: micro-models µM_1 ... µM_K -> voting algorithm -> sanitized model and abnormal model]
11 Shadow Sensor Redirection
- Shadow sensor: a heavily instrumented host-based anomaly detector, akin to an oracle
- Performs substantially slower than the native application
- Use the shadow sensor to classify or corroborate the alerts produced by the AD sensors
- Feasibility and scalability depend on the number of alerts generated by the AD sensor
[Figure: testing phase: sanitized model -> Alert? -> host-based IDS / shadow server -> Alert? -> alert, otherwise false positive]
12 Overall Architecture
[Figure: training phase: micro-models µM_1 ... µM_K -> voting algorithm -> sanitized model and abnormal (malicious) model; testing phase: sanitized model -> Alert? -> host-based IDS / shadow server -> Alert? -> alert, otherwise false positive]
For each host, use a large set of training data:
- Divide the data into multiple blocks
- Build a micro-model for each block
- Test all models against a smaller dataset
- Sanitize the data based on the previous step and build the sanitized model
- Build an abnormal model as well
13 Micro-models
- Partition a large training dataset T into a number of smaller, time-delimited training sets (micro-datasets md_i), each covering a time granularity g
- AD can be any chosen anomaly detection algorithm; M denotes the normal model produced by AD from T, and micro-model M_i is the model AD produces from md_i
- Attacks and non-regular data cause a localized or limited pollution of the training data

14 Voting algorithms
- Test a second dataset against every micro-model M_i
- L_{j,i} = 0 if M_i deems packet P_j normal, L_{j,i} = 1 otherwise
- Generalized label for packet P_j: L_j = sum over i of w_i * L_{j,i}, where w_i is the weight assigned to M_i
- Simple voting: all micro-models carry the same weight
- Weighted voting: w_i = proportion of all packets used for training µM_i

15 Sanitized and Abnormal Models
- V = voting threshold
- Sanitized model: AD trained on the packets of the second dataset whose label L_j does not exceed V
- Abnormal model: AD trained on the packets whose label L_j exceeds V
16 Evaluation
- Proof of concept using two content-based anomaly detectors
- Anagram: analyzes n-grams; semi-supervised learning (when using Snort to label known bad content), unsupervised learning (without Snort)
- Payl: unsupervised learning, analyzing byte (1-gram) frequency distributions
17 Evaluation dataset 300/100/100 hours of real network traffic
18 Voting Techniques Comparison
[Figure: (a) simple voting, (b) weighted voting; performance of the Anagram sensor after sanitization for www1]

19 Datasets Comparison
[Figure: performance for www and lists at 3-hour granularity when using Anagram]
20 AD sensors comparison
[Table (values not legible in the transcription): FP (%), FA, TP (%), TA for Anagram, Anagram with Snort, Anagram with sanitization, Payl, Payl with sanitization]
21 Signal-to-noise ratio comparison
[Table (values not legible in the transcription): signal-to-noise ratio on www1, www and lists for Anagram, Anagram with Snort, Anagram with sanitization, Payl, Payl with sanitization]
- Signal-to-noise ratio = TP/FP: higher values mean better results
22 Granularity Impact
[Figure: granularity impact on the performance of the system when using Anagram and Payl]

23 Training Dataset Size Impact
[Figure: impact of the size of the training dataset for www1]

24 AD's Internal Threshold Impact
[Figure: impact of the anomaly detector's internal threshold for www1 when using Anagram]

25 Analysis of g and V
[Figure: (a) simple voting, (b) weighted voting; performance of the Anagram sensor after sanitization as g and V vary]
26 Shadow Sensor Performance Evaluation
- Overall computational requirements of an AD sensor combined with a host-based sensor (e.g. STEM and DYBOC)
- l is the standard latency of a protected service, O_s is the shadow server overhead, FP is the false positive rate
[Table: resulting latency as a multiple of l; cells marked "not legible" did not survive the transcription]
Sensor                    | STEM         | DYBOC
N/A                       | 44*l         | 1.2*l
Anagram                   | 1.031*l      | not legible
Anagram with Snort        | not legible  | not legible
Anagram with sanitization | not legible  | not legible
Payl                      | not legible  | not legible
Payl with sanitization    | not legible  | not legible
27 Caveat Emptor & Limitations
- A long-lasting attack present in the dataset used for computing the micro-models poisons all the micro-models: the assumption that pollution is localized to a few blocks no longer holds, so the vote cannot single the attack out
28 AD Distributed Cross-Sanitization
- Use external knowledge (models) to generate a better local normal model
- Abnormal models are exchanged across collaborative sites [Stolfo00]
- Re-evaluate the locally computed sanitized models: apply model differencing and remove the remote abnormal data from the local normal model
29 Cross-sanitization
- Direct model differencing: analytic method, compute the difference of the models (local sanitized model minus remote abnormal model)
- Indirect model differencing: no analytic method; test the local data against the remote abnormal model instead
[Figure: local sanitized model and remote abnormal model combined by direct or indirect differencing]
30 Cross-sanitization: Evaluation
[Table (values not legible in the transcription): FP (%) and TP (%) on www1, www and lists for M_pois, M_cross (direct) and M_cross (indirect)]
- Indirect model differencing is more expensive than direct model differencing
[Table (times in seconds, values not legible in the transcription): direct vs. indirect differencing on www1, www and lists]
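The micro-model voting sanitization of slides 7 to 15 and the direct/indirect cross-sanitization of slides 28 to 30, worked through in Python as an added example; this is not code from the talk or from the Anagram or Payl implementations. Assumptions: the anomaly detector is a toy 3-gram set model standing in for Anagram's Bloom filter (a packet is abnormal when more than 30% of its 3-grams were never seen in training); the HTTP requests, the shellcode-like attack payload, the 12-hour timeline and the one-hour granularity are constructed for the example; every name (NGramModel, sanitize, cross_direct, cross_indirect, THRESH, ...) is mine.

```python
"""Micro-model voting sanitization and cross-sanitization (added example, toy AD).

The AD is a tiny n-gram content model standing in for Anagram's Bloom filter;
the HTTP requests and the attack payload are constructed for this example.
"""
from collections import defaultdict

N, THRESH = 3, 0.3   # n-gram size and unseen-fraction cut-off (both assumptions)


def ngrams(payload):
    return {payload[i:i + N] for i in range(len(payload) - N + 1)}


class NGramModel:
    """AD(T): the set of n-grams seen in T. A packet is normal when at most
    THRESH of its n-grams are unseen."""

    def __init__(self, packets=(), seen=None):
        self.seen = set(seen) if seen is not None else set()
        for p in packets:
            self.seen |= ngrams(p)

    def is_normal(self, payload):
        grams = ngrams(payload)
        unseen = sum(1 for g in grams if g not in self.seen)
        return not grams or unseen / len(grams) <= THRESH


def micro_datasets(training, granularity):
    """Split (timestamp, payload) records into time-delimited micro-datasets md_i."""
    t0 = min(ts for ts, _ in training)
    blocks = defaultdict(list)
    for ts, payload in training:
        blocks[int((ts - t0) // granularity)].append(payload)
    return [blocks[k] for k in sorted(blocks)]


def vote_labels(models, weights, packets):
    """L_j = sum_i w_i * L_{j,i}; L_{j,i} = 1 when M_i deems P_j abnormal, else 0."""
    return [sum(w for m, w in zip(models, weights) if not m.is_normal(p))
            for p in packets]


def sanitize(training, second, granularity, V, weighted=True):
    """Micro-models -> vote on the second dataset -> split at V.
    Returns (M_san, M_abn, T_san, T_abn, labels)."""
    mds = micro_datasets(training, granularity)
    models = [NGramModel(md) for md in mds]
    total = sum(map(len, mds))
    weights = [len(md) / total if weighted else 1 / len(mds) for md in mds]
    labels = vote_labels(models, weights, second)
    t_san = [p for p, l in zip(second, labels) if l <= V]
    t_abn = [p for p, l in zip(second, labels) if l > V]
    return NGramModel(t_san), NGramModel(t_abn), t_san, t_abn, labels


def cross_direct(m_san, m_abn_remote):
    """Direct model differencing: drop every n-gram the remote abnormal model holds."""
    return NGramModel(seen=m_san.seen - m_abn_remote.seen)


def cross_indirect(t_san, m_abn_remote):
    """Indirect differencing: re-test T_san against the remote abnormal model and
    retrain without the packets it deems normal (the ones that look like its attacks)."""
    return NGramModel([p for p in t_san if not m_abn_remote.is_normal(p)])


# ---- constructed traffic (not real captures) ----
PATHS = [b"/index.html", b"/about.html", b"/news/today.html", b"/images/logo.png"]


def request(path):
    return (b"GET " + path + b" HTTP/1.1\r\nHost: www1.example\r\n"
            b"User-Agent: Mozilla/5.0\r\n\r\n")


ATTACK = (b"GET /" + b"\x90" * 32 + bytes(range(0x80, 0xd0))   # NOP sled + shellcode-like bytes
          + b" HTTP/1.1\r\nHost: www1.example\r\n\r\n")
NEW_PATH = request(b"/contact.html")           # legitimate request never seen in training
SECOND = [request(PATHS[k % 4]) for k in range(40)] + [ATTACK, ATTACK]


def training_data(attack_hours):
    """12 hours of requests, 20 per hour; the attack recurs (3x) in the given hours."""
    recs = [(h * 3600 + k * 60, request(PATHS[k % 4])) for h in range(12) for k in range(20)]
    return recs + [(h * 3600 + 1, ATTACK) for h in attack_hours for _ in range(3)]


def local_demo(granularity=3600, V=0.5, weighted=True):
    """Localized pollution (attack only in hour 5): the vote isolates it."""
    training = training_data([5])
    polluted = NGramModel([p for _, p in training])      # one model over everything
    m_san, m_abn, t_san, t_abn, labels = sanitize(training, SECOND, granularity, V, weighted)
    return {"polluted_accepts_attack": polluted.is_normal(ATTACK),
            "attack_label": labels[-1], "n_abnormal": len(t_abn),
            "sanitized_rejects_attack": not m_san.is_normal(ATTACK),
            "sanitized_accepts_new_path": m_san.is_normal(NEW_PATH),
            "abnormal_model_accepts_attack": m_abn.is_normal(ATTACK)}


def cross_demo():
    """Long-lasting attack (every hour): all local micro-models are poisoned and the
    local M_san accepts it; a peer site's abnormal model repairs it."""
    m_san, _, t_san, _, _ = sanitize(training_data(range(12)), SECOND, 3600, 0.5)
    remote_abn = NGramModel([ATTACK])                    # abnormal model exchanged from a peer
    direct, indirect = cross_direct(m_san, remote_abn), cross_indirect(t_san, remote_abn)
    return {"poisoned_accepts_attack": m_san.is_normal(ATTACK),
            "direct_rejects_attack": not direct.is_normal(ATTACK),
            "direct_accepts_legit": direct.is_normal(request(PATHS[0])),
            "indirect_rejects_attack": not indirect.is_normal(ATTACK),
            "indirect_accepts_legit": indirect.is_normal(request(PATHS[0]))}


if __name__ == "__main__":
    print(local_demo())
    print(cross_demo())
```

local_demo() shows the slide-5 problem and its fix: one model trained over the whole polluted dataset accepts the attack, while with one-hour micro-models the eleven clean models outvote the single poisoned one (weighted label 220/243, simple label 11/12, both above V = 0.5), the attack lands in T_abn, the sanitized model rejects it and still accepts a legitimate request for a path it has never seen. Calling local_demo(granularity=12 * 3600) leaves a single micro-model, the attack gets label 0 and slips into the sanitized model, which is the granularity effect of slide 22 and the caveat of slide 27. cross_demo() is that long-lasting case: with the attack in every hour no vote can isolate it, and a peer's abnormal model is what removes it. With this toy set model the direct set difference also strips the header n-grams the attack shares with benign requests, so the directly differenced model starts rejecting legitimate traffic; the indirect method keeps them, at the cost of re-testing all of T_san against the remote model, which is the expense slide 30 reports.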
31 Future work
- Adversarial scenarios: new techniques to resist training attacks
- Distributed sanitization: a distributed architecture to share models and remove training attacks
- Model updates: updating AD models to accommodate concept drift
32 Conclusions
- A novel sanitization method that boosts the performance of out-of-the-box anomaly detectors
- A simple and general method, without significant additional computational cost
- An efficient and accurate online packet classifier, both in real time and in post-processing forensic analysis
33 Thank you Questions?
2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 206) A Network Intrusion Detection System Architecture Based on Snort and Computational Intelligence Tao Liu, a, Da
More informationCorrelative Analytic Methods in Large Scale Network Infrastructure Hariharan Krishnaswamy Senior Principal Engineer Dell EMC
Correlative Analytic Methods in Large Scale Network Infrastructure Hariharan Krishnaswamy Senior Principal Engineer Dell EMC 2018 Storage Developer Conference. Dell EMC. All Rights Reserved. 1 Data Center
More informationSummary Cache based Co-operative Proxies
Summary Cache based Co-operative Proxies Project No: 1 Group No: 21 Vijay Gabale (07305004) Sagar Bijwe (07305023) 12 th November, 2007 1 Abstract Summary Cache based proxies cooperate behind a bottleneck
More informationIntrusion Detection System with FGA and MLP Algorithm
Intrusion Detection System with FGA and MLP Algorithm International Journal of Engineering Research & Technology (IJERT) Miss. Madhuri R. Yadav Department Of Computer Engineering Siddhant College Of Engineering,
More informationApplication Protocol Breakdown
Snort 2.0: Protocol Flow Analyzer Authors: Daniel Roelker Sourcefire Inc. Marc Norton Sourcefire Inc. Abstract The Snort 2.0 Protocol Flow Analyzer
More informationIntrusion Detection and Malware Analysis
Intrusion Detection and Malware Analysis IDS Taxonomy and Architecture Pavel Laskov Wilhelm Schickard Institute for Computer Science IDS functionality IDS functionality Restrict access to legitimate service
More informationAn Automated System for Data Attribute Anomaly Detection
Proceedings of Machine Learning Research 77:95 101, 2017 KDD 2017: Workshop on Anomaly Detection in Finance An Automated System for Data Attribute Anomaly Detection David Love Nalin Aggarwal Alexander
More information10x Increase Your Team s Effectiveness by Automating the Boring Stuff
SESSION ID: TTA-R02 10x Increase Your Team s Effectiveness by Automating the Boring Stuff Jonathan Trull Chief Cybersecurity Advisor Microsoft @jonathantrull Vidhi Agarwal Senior Program Manager Microsoft
More informationHYBRID HONEYPOT -SYSTEM FOR PRESERVING PRIVACY IN NETWORKS
HYBRID HONEYPOT -SYSTEM FOR PRESERVING PRIVACY IN NETWORKS K.SURESH, KUSH KUMAR YADAV, R.SRIJIT, KARTHIK.P.BHAT STUDENT 3 rd YEAR - INFORMATION TECHNOLOGY SRI SAIRAM ENGINEERING COLLEGE, WEST TAMBARAM,
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationFault-Aware Flow Control and Multi-path Routing in Wireless Sensor Networks
Fault-Aware Flow Control and Multi-path Routing in Wireless Sensor Networks X. Zhang, X. Dong Shanghai Jiaotong University J. Wu, X. Li Temple University, University of North Carolina N. Xiong Colorado
More information