Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Mining BS/MS Project Anomaly Detection for Cyber Security Presentation by Mike Calder.

Published byJuliet Taylor Modified over 8 years ago

Similar presentations

Presentation on theme: "Data Mining BS/MS Project Anomaly Detection for Cyber Security Presentation by Mike Calder."— Presentation transcript:

1 Data Mining BS/MS Project Anomaly Detection for Cyber Security Presentation by Mike Calder

2 Anomaly Detection Used for cyber security –Detecting threats using network data –Detecting threats using host-based data In some domains, anomalies are detected so that they can be removed/corrected In cyber security, the anomalies are what present threats that analysts need to find 2

3 Motivation Proactive vs. reactive security –Taking a proactive approach identifies threats before they cause damage –Taking a reactive approach minimizes and recovers from damage being caused If anomalies are detected in real-time, cyber damage can be minimized/avoided 3

4 Sample Network-Based Setup These steps combine density-based clustering with network traffic anomaly detection 4 Taken from (Yan, 2013)

5 Example 3-D Resulting Dataset Clusters are shown as different colors in this visual, anomaly detection identifies the outliers 5 (axes/instances for this graph are not specified in the paper) Taken from (Yan, 2013)

6 Sample Host-Based Setup Data is intercepted at kernel level and analyzed for anomaly detection in a data warehouse 6 Taken from (Stolfo, 2005)

7 Host-Based Results The “PAD Detector” in the previous graph used probabilistic anomaly detection on the system calls logged by the interceptor When attempting to identify “malicious” processes (programs that make file accesses they aren’t expected to), PAD achieved 95% accuracy –With only a 2% false positive rate 7

8 References X. Yan. “Early Detection of Cyber Security Threats using Structured Behavior Modeling”. ACM Transactions on Information and System Security, Vol. V, No. N. 2013.X. Yan. “Early Detection of Cyber Security Threats using Structured Behavior Modeling”. ACM Transactions on Information and System Security, Vol. V, No. N. 2013. K. Ingham. “Comparing Anomaly Detection Techniques for HTTP”. Proc. 10th International Symposium on Recent Advances in Intrusion Detection. 2006.K. Ingham. “Comparing Anomaly Detection Techniques for HTTP”. Proc. 10th International Symposium on Recent Advances in Intrusion Detection. 2006. S. Stolfo. “Anomaly Detection in Computer Security and an Application to File System Accesses”. Lecture Notes in Computer Science, Vol. 3488, pp. 14-28. 2005.S. Stolfo. “Anomaly Detection in Computer Security and an Application to File System Accesses”. Lecture Notes in Computer Science, Vol. 3488, pp. 14-28. 2005. 8

Download ppt "Data Mining BS/MS Project Anomaly Detection for Cyber Security Presentation by Mike Calder."

Similar presentations

Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.

Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.
KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware Stefano Ortolani 1, Cristiano Giuffrida 1, and Bruno Crispo 2 1 Vrije Universiteit.

KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware Stefano Ortolani 1, Cristiano Giuffrida 1, and Bruno Crispo 2 1 Vrije Universiteit.
The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.

The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.
Data Mining and Intrusion Detection

Data Mining and Intrusion Detection
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
School of Computer Science and Information Systems

School of Computer Science and Information Systems
DIYTP 2009. Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR)

DIYTP Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR)
Data Mining BS/MS Project Clustering for Market Segmentation Presentation by Mike Calder.

Data Mining BS/MS Project Clustering for Market Segmentation Presentation by Mike Calder.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Beyond Anti-Virus by Dan Keller 1987- Fred Cohen- Computer Scientist “there is no algorithm that can perfectly detect all possible computer viruses”

Beyond Anti-Virus by Dan Keller Fred Cohen- Computer Scientist “there is no algorithm that can perfectly detect all possible computer viruses”
Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340.

Computer Account Hijacking Detection Using a Neural Network Nick Pongratz Math 340.
Data Mining BS/MS Project Decision Trees for Stock Market Forecasting Presentation by Mike Calder.

Data Mining BS/MS Project Decision Trees for Stock Market Forecasting Presentation by Mike Calder.

Similar presentations

Ads by Google