Information Visualization for an Intrusion Detection System Ching-Lung Fu James Blustein Daniel Silver.


2 Overview
- Research objective: explore and discover factors for building a better (network-based) IDS
- Initial stage of our research
  - Shortcomings of IDS
  - Spatial Hypertext / visualization
  - ML & UM + IDS + SH
- Recent update
  - Revisit the IDS users

3 Problem Source
- Rule-based IDS, resulting in either
  - a network too restricted to be used, or
  - an IDS vulnerable to new types of attacks
- Machine learning based IDS: high error rates
  - Training data imbalance: available "real-attack" training examples are scarce
  - A machine learning algorithm needs to "see" enough examples to generalize to "unseen" future examples
  - Ambiguous data
  - Could a human expert do better? Current machine learning algorithms cannot generalize better than humans

4 Problem Source
- High false detection rates
  - Prevent immediate response to the real attacks
  - Erode the user's trust
- Unusable IDS: most system admins now attend to the problem only after the attack, or after the damage has been done

5 Alternative IDS
- Reduce the dependence on the detection mechanism
- Visual intelligence
  - harnessing human abilities
  - keeps humans "in the loop"
  - contributing judgment and sharing some responsibility
  - personal involvement and empowerment

6 Alternative IDS
- A visualization + machine learning tool could provide the answer

7 SH as a visualization mechanism
- Information triage
- What is Spatial Hypertext (SH)?
  - A graphic workspace with freely manipulable objects
  - Relationships are represented by color, proximity, alignment, containment, etc.
  - Relationships are ambiguous and implicit
- Examples in the next few pages

8 SH – example 1

9

10 Power of Visualization example 2

11 An on-line example

12 SH as a visualization mechanism - continued
- Emerging information
- Humans have excellent visual intelligence
- A spatial layout can convey a lot of information
- Please see my poster for a new framework under development

13 Challenges
- The information visualization cannot be effective if the machine learning components cannot deliver accurate information
- The publicly available test datasets are not good enough
- Data ambiguity always exists
- The ML algorithms are not the bottleneck; the feature extraction processes are
- The ML algorithms may be used to "mine" the features used directly by visualization tools; human eyes detect the anomalies

14 Revisit the IDS users
- Most of them still rely on primitive tools
- IDSs are not trusted at all
- They respond to problems only after complaints have been made
- Many organizations refuse the visit as they do not have an IDS: "security through obscurity"
- Some organizations simply unplug the important system from the network to avoid unnecessary exposure

15 Conclusion
- Improve the current ML-based IDS as a component
- Data mining on features for information visualization
- Spatial Hypertext: a hybrid approach in which information visualization complements the IDS
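As an added illustration of the feature-mining idea in slides 13 and 15 (example code written for this page, not the authors' tool): aggregate raw flow records into per-host features, standardize them so unlike units share one scale for a visualization to map onto position and colour, and order hosts into a review queue so the analyst, not the algorithm, makes the anomaly call. The flow records, addresses and function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (src_ip, dst_ip, dst_port, bytes); hypothetical data.
FLOWS = [
    ("10.0.0.5", "10.0.0.20", 443, 5200),
    ("10.0.0.5", "10.0.0.21", 443, 4100),
    ("10.0.0.6", "10.0.0.20", 80, 900),
    ("10.0.0.6", "10.0.0.22", 443, 1500),
    ("10.0.0.7", "10.0.0.20", 443, 3000),
    # One host touching many ports on many peers with tiny payloads.
    ("10.0.0.9", "10.0.0.20", 21, 60),
    ("10.0.0.9", "10.0.0.21", 22, 60),
    ("10.0.0.9", "10.0.0.22", 23, 60),
    ("10.0.0.9", "10.0.0.23", 25, 60),
    ("10.0.0.9", "10.0.0.24", 80, 60),
    ("10.0.0.9", "10.0.0.25", 443, 60),
]
FEATURES = ("flows", "peers", "ports", "mean_bytes")

def extract_features(flows):
    """Aggregate raw flows into one feature vector per source host."""
    peers, ports, sizes = defaultdict(set), defaultdict(set), defaultdict(list)
    for src, dst, port, nbytes in flows:
        peers[src].add(dst)
        ports[src].add(port)
        sizes[src].append(nbytes)
    return {src: {"flows": len(sizes[src]), "peers": len(peers[src]),
                  "ports": len(ports[src]), "mean_bytes": mean(sizes[src])}
            for src in sizes}

def standardize(table):
    """Z-score each feature across hosts so unlike units share one scale;
    a visualization maps these to position/colour, the analyst reads them."""
    out = {src: {} for src in table}
    for f in FEATURES:
        col = [row[f] for row in table.values()]
        mu, sd = mean(col), pstdev(col) or 1.0   # guard a constant column
        for src, row in table.items():
            out[src][f] = (row[f] - mu) / sd
    return out

def rank_for_review(zscores):
    """Order hosts by distance from the population (L2 norm of z-scores):
    a review queue for the human, not a verdict."""
    dist = {s: sum(v * v for v in z.values()) ** 0.5 for s, z in zscores.items()}
    return sorted(dist, key=dist.get, reverse=True)
```

Calling `rank_for_review(standardize(extract_features(FLOWS)))` puts the many-ports, tiny-payload host first; the z-scores are what a spatial layout would place or colour.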

16 Questions ? Ching-Lung Fu Dalhousie Computer Science