Hybrid Intelligent Systems for Network Security Lane Thames Georgia Institute of Technology Savannah, GA


1 Hybrid Intelligent Systems for Network Security Lane Thames Georgia Institute of Technology Savannah, GA lane.thames@gtsav.gatech.edu

2 Presentation Overview
 Discuss Network Security Issues
 Discuss the goals of this paper’s project
 Overview of Self Organizing Maps
 Overview of Bayesian Learning Networks
 Describe the details of the Hybrid System
 Review the Experimental Results
 Discuss Future Work and Conclusions
 Q&A

3 Network Security Motivation
 Internet Growth is Steadily Increasing
 Over 1 Billion Internet Users
 Many different types of applications are now using the Internet as a communication channel

4 Data Source: www.idc.com

5 Network Security Motivation
 No more “Script Kiddies”
 Hacking is now more than just a hobby
 Hackers have created their own revenue generating channels
 Common hacking “commodities”
   Hacking software that is for sale
   Corporate Extortion
   Corporate Espionage
   Identity Theft

6 Network Security Motivation: Classical Attack Types
 Buffer Overflow
 Denial of Service (DoS)
 Distributed Denial of Service (DDoS)
 Reconnaissance
 Virus
 Worms
 Trojan Horse

7 Network Security Motivation
 Hackers are using more sophisticated mechanisms
   Phishing—Less Sophisticated: easy to fool a novice user
   Pharming—More Sophisticated: easy to fool novice and expert users
   DoS and DDoS—Used for extortion
   Remote Root Access—Used for espionage and identity theft

8 Network Security Motivation
 The numbers do not lie
 Hackers are constantly looking for ways to cause mischief
   Steal your data
   Handicap your machines
   Take your money, etc.

9 Data Source: http://www.cert.org/stats/cert_stats.html

10 Network Security Motivation The Bottom Line: Network Security Research and Commerce is here to stay!

11 Project Goals
 Develop an Intelligent System that works reliably with data that can be collected purely within a Network
 Why? If security mechanisms are difficult to use, people will not use them. Using data from the network takes the burden off the end user

12 Hybrid Intelligent Systems
 A system was developed that made use of two types of Intelligence Algorithms:
   Self-Organizing Maps
   Bayesian Learning Networks

13 Training and Testing Data Set KDD-CUP 99 Data Set The Data set used for the Third International Knowledge Discovery and Data Mining Tools Competition

14 Training and Testing Data Set
 41 Total Features, categorized as:
   Basic TCP/IP features
   Content Features
   Time Based Traffic Features
   Host Based Traffic Features

15 Training and Testing Data Set
 Attack Type Categories
   Remote to Local Exploits
   User to Root Exploits
   Denial of Service
   Probing (Reconnaissance)

16 Self Organizing Maps—SOM
 Pioneered by Dr. Teuvo Kohonen
 An algorithm that transforms high dimensional input data domains to elements of a low dimensional array of nodes
 A fixed size grid of nodes—sometimes denoted as neurons to reflect neural net similarity

17 Self-Organizing Maps Input Data Vectors

18 Self Organizing Maps Let a parametric real set of vectors be associated with each element, i, of the SOM grid

19 Self-Organizing Maps Furthermore,

20 Self-Organizing Map
 A decoder function is defined on the basis of distance between the input vector and the parametric vector.
 The decoder function is used to map the image of the input vector onto the SOM grid.
 The decoder function is usually chosen to be either the Manhattan or Euclidean distance metric.

21 Self-Organizing Maps A Best Matching Unit, denoted as the index c, is chosen as the node on the SOM grid that is closest to the input vector

22 Self-Organizing Maps The dynamics of the SOM algorithm demand that the M_i be shifted towards the order of X such that a set of values {M_i} are obtained as the limit of convergence of the following:

23 SOM Demo
 The next few plots will demonstrate how the parametric vector will converge to the input data vector
 Demonstrate the effects of parameters on one another
 Display the error function for this demo
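The SOM training loop described on slides 20 to 23 (distance decoder, best matching unit c, shifting each M_i toward the input X, and the error curve the demo plots), as an added Python example that is not the presentation's code. It uses the standard Kohonen update M_i <- M_i + alpha(t) * h_ci(t) * (X - M_i) with a Gaussian neighbourhood h_ci around the winner; the one-dimensional grid, the linearly decaying learning-rate and neighbourhood schedules, and the two-cluster sample data are my assumptions.

```python
"""Minimal Kohonen self-organizing map on a one-dimensional grid.

Added example, not code from the presentation.  Each grid node i holds a
parametric vector M_i; the decoder is Euclidean distance; the best matching
unit c is the node whose M_i is closest to the input X; and M_i is shifted
toward X with the standard Kohonen update
    M_i <- M_i + alpha(t) * h_ci(t) * (X - M_i)
where h_ci is a Gaussian neighbourhood around c.  The decay schedules for
alpha and sigma and the sample data are my assumptions.
"""
import math
import random


def euclidean(a, b):
    """Decoder function: Euclidean distance between two vectors."""
    return math.sqrt(sum((ai - bi) ** 2 for ai, bi in zip(a, b)))


def best_matching_unit(grid, x, dist=euclidean):
    """Index c of the grid node whose parametric vector is closest to x."""
    return min(range(len(grid)), key=lambda i: dist(grid[i], x))


def quantization_error(grid, data):
    """Mean distance from each input to its BMU (the error curve a SOM demo plots)."""
    return sum(euclidean(x, grid[best_matching_unit(grid, x)]) for x in data) / len(data)


def train_som(data, n_nodes, epochs=40, alpha0=0.5, sigma_floor=0.3, seed=0):
    """Return the trained list of parametric vectors M_i (one per grid node)."""
    rng = random.Random(seed)
    dim = len(data[0])
    grid = [[rng.random() for _ in range(dim)] for _ in range(n_nodes)]
    sigma0 = n_nodes / 2.0
    total_steps = epochs * len(data)
    step = 0
    for _ in range(epochs):
        order = list(data)
        rng.shuffle(order)
        for x in order:
            frac = step / total_steps                        # 0 at start, near 1 at the end
            alpha = alpha0 * (1.0 - frac)                    # learning rate decays linearly
            sigma = max(sigma0 * (1.0 - frac), sigma_floor)  # neighbourhood shrinks, never to 0
            c = best_matching_unit(grid, x)
            for i, m in enumerate(grid):
                h = math.exp(-((i - c) ** 2) / (2.0 * sigma ** 2))  # h_ci(t)
                for d in range(dim):
                    m[d] += alpha * h * (x[d] - m[d])         # shift M_i toward X
            step += 1
    return grid


def make_sample_data(seed=1, per_cluster=30):
    """Constructed 2-D inputs: two jittered clusters near (0.1,0.1) and (0.9,0.9)."""
    rng = random.Random(seed)
    data = []
    for cx, cy in ((0.1, 0.1), (0.9, 0.9)):
        for _ in range(per_cluster):
            data.append([cx + rng.uniform(-0.05, 0.05), cy + rng.uniform(-0.05, 0.05)])
    return data


def demo():
    """Train on the sample data; return (error before, error after, BMU of each cluster centre)."""
    data = make_sample_data()
    untrained = train_som(data, n_nodes=4, epochs=0)   # same random start, no updates
    before = quantization_error(untrained, data)
    grid = train_som(data, n_nodes=4)
    after = quantization_error(grid, data)
    return before, after, best_matching_unit(grid, [0.1, 0.1]), best_matching_unit(grid, [0.9, 0.9])


if __name__ == "__main__":
    b, a, c_low, c_high = demo()
    print(f"quantization error: {b:.3f} -> {a:.3f}; cluster BMUs: node {c_low} and node {c_high}")
```

The quantization error is the quantity to watch when tuning the parameters the demo slide mentions: a neighbourhood that never shrinks leaves every node pulled toward the global mean, while a learning rate that decays too fast freezes the grid before it has ordered itself.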

24-28 [SOM demo plots: images not included in the transcript]

29 Bayesian Learning Networks—BLN
 A BLN is a probabilistic model built on the concept of the Directed Acyclic Graph (DAG)
 The DAG is a graph of nodes where each node is a random variable of interest
 The directed edges of the graph represent relationships among the variables
 If an arc is emitted from a node h to a node D, we say that h is the parent of D

30 Bayesian Learning Networks The Fundamental Equation: Bayes Theorem

31 Bayesian Learning Networks
 In Bayesian learning, we calculate the probability of a hypothesis and make predictions on that basis
 Predictions or classifications are reduced to probabilistic inference

32 Bayesian Learning Networks
 With BLN, we have conditional probabilities for each node given its parents
 The graph shows causal connections, not the flow of information through the graph
 Prediction versus abduction
 [Figure: example DAG over the variables x1, x2, x3, x4, x5]

33 Naïve Bayesian Learning Network
 The Naïve BLN is a special case of the general BLN
 It contains one root (parent) node which is called the class variable, C
 The leaf nodes are the attribute variables (X_1 … X_i)
 It is Naïve because it assumes the attributes are conditionally independent given the class.
 [Figure: class node C with attribute nodes x1, x2 … xi as its children]

34 The Naïve BLN Classifier
 Once the network is trained, it can be used to classify new examples where the attributes are given and the class variable is unobserved—abduction
 The Goal: Find the most probable class value given a set of attribute instantiations (X_1 … X_i)

35 Naïve BLN Classifier
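The Naïve BLN classifier from slides 33 to 35, as an added Python example that is not the paper's implementation: one class node C, one conditional probability table per attribute node, Laplace smoothing so an attribute value never seen in training does not drive the posterior to zero, and abduction by Bayes' theorem to pick the most probable class given an attribute instantiation. The training records are constructed and only loosely modelled on the symbolic KDD-CUP 99 fields (protocol_type, service, flag); those attribute names, the values, and the normal/dos labels are assumptions, not the paper's data.

```python
"""Naive Bayesian learning network used as a classifier (abduction).

Added example, not code from the presentation.  One root node C (the class)
and conditionally independent attribute nodes X_1 ... X_i, trained by counting
and queried with Bayes' theorem:
    P(C | X_1..X_i)  is proportional to  P(C) * prod_j P(X_j | C)
The training records are constructed, loosely modelled on the symbolic
KDD-CUP 99 fields protocol_type / service / flag; the attribute names, values
and the "normal" / "dos" labels are my assumptions, not the paper's data.
"""
import math
from collections import Counter, defaultdict

# Constructed training set: (attribute instantiation, class value)
TRAIN = [
    ({"protocol_type": "tcp",  "service": "http",     "flag": "SF"},  "normal"),
    ({"protocol_type": "tcp",  "service": "smtp",     "flag": "SF"},  "normal"),
    ({"protocol_type": "udp",  "service": "domain_u", "flag": "SF"},  "normal"),
    ({"protocol_type": "tcp",  "service": "http",     "flag": "SF"},  "normal"),
    ({"protocol_type": "tcp",  "service": "ftp",      "flag": "SF"},  "normal"),
    ({"protocol_type": "udp",  "service": "domain_u", "flag": "SF"},  "normal"),
    ({"protocol_type": "tcp",  "service": "http",     "flag": "S0"},  "dos"),
    ({"protocol_type": "tcp",  "service": "http",     "flag": "S0"},  "dos"),
    ({"protocol_type": "tcp",  "service": "private",  "flag": "S0"},  "dos"),
    ({"protocol_type": "icmp", "service": "ecr_i",    "flag": "SF"},  "dos"),
    ({"protocol_type": "tcp",  "service": "http",     "flag": "REJ"}, "dos"),
    ({"protocol_type": "tcp",  "service": "private",  "flag": "S0"},  "dos"),
]


class NaiveBLN:
    """Class node C with one conditional probability table per attribute node."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing for unseen values
        self.class_counts = Counter()            # N(C = c)
        self.cond_counts = defaultdict(Counter)  # (attr, c) -> Counter of attribute values
        self.attr_values = defaultdict(set)      # attr -> set of values seen in training
        self.n = 0

    def fit(self, records):
        """Learn the prior P(C) and each P(X_j | C) by counting."""
        for attrs, c in records:
            self.class_counts[c] += 1
            for attr, val in attrs.items():
                self.cond_counts[(attr, c)][val] += 1
                self.attr_values[attr].add(val)
        self.n = len(records)
        return self

    def log_joint(self, attrs):
        """log P(c) + sum_j log P(x_j | c) for every class value c."""
        out = {}
        for c, nc in self.class_counts.items():
            lp = math.log(nc / self.n)
            for attr, val in attrs.items():
                k = len(self.attr_values[attr])              # number of known values of X_j
                cnt = self.cond_counts[(attr, c)][val]       # N(X_j = val, C = c)
                lp += math.log((cnt + self.alpha) / (nc + self.alpha * k))
            out[c] = lp
        return out

    def posterior(self, attrs):
        """P(c | attributes), normalised over the class values (log-sum-exp for stability)."""
        lj = self.log_joint(attrs)
        top = max(lj.values())
        w = {c: math.exp(v - top) for c, v in lj.items()}
        z = sum(w.values())
        return {c: v / z for c, v in w.items()}

    def classify(self, attrs):
        """Abduction: the most probable class value given the attribute instantiation."""
        post = self.posterior(attrs)
        return max(post, key=post.get)


def classify_connection(attrs, model=None):
    """Convenience wrapper: classify one record with a model trained on TRAIN."""
    model = model or NaiveBLN().fit(TRAIN)
    return model.classify(attrs)


if __name__ == "__main__":
    model = NaiveBLN().fit(TRAIN)
    for rec in ({"protocol_type": "tcp", "service": "http", "flag": "S0"},
                {"protocol_type": "tcp", "service": "http", "flag": "SF"},
                {"protocol_type": "tcp", "service": "telnet", "flag": "S0"}):
        print(rec, "->", model.classify(rec), model.posterior(rec))
```

The third record in the usage block carries a service value ("telnet") that never occurs in the training set; without smoothing its likelihood would be zero under both classes and the classifier could not decide, which is the practical reason the tables carry the pseudo-count alpha.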

36 Hybrid System Architecture

37 Experimental Results
 4 types of analyses were made with the dataset
   BLN analysis with network and host based data
   BLN analysis with network data
   Hybrid analysis with network and host based data
   Hybrid analysis with network based data

38 Experimental Results
                                  BLN Host/Network   BLN Network   Hybrid Host/Network   Hybrid Network
 Total Cases                      65,505             62,047        65,505                62,047
 Correctly Classified             65,019             59,734        65,238                61,631
 % Correctly Classified           99.26%             96.27%        99.59%                99.33%
 Number Incorrectly Classified    486                2,315         267                   416

39 Future and Current Work HoneyNet Project Resource Management System with Intelligent System Processing at the Core

40 Conclusion
 Intelligent Systems algorithms are very useful tools for applications in Network Security
 Experimental results show that a hybrid system built with SOM and BLN can produce very accurate responses when classifying network based data flows, which is very promising for those wishing to design classification systems that do not rely on host based data

