Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, Kui Wu, Yang Xiao, and Victor C. M. Leung. Presented.

Presentation transcript:

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, Kui Wu, Yang Xiao, and Victor C. M. Leung. Presented by Anil Karamchandani

Introduction
- Importance of cellular phones.
- Due to the open radio transmission environment and the physical vulnerability of mobile devices, security is a cause of concern.
- Two approaches to protect a system:
  1. Prevention based approach
  2. Detection based approach

Prevention and Detection Based Approach
Prevention based approach: encryption and authentication. This allows legitimate users to enter the system.
Detection based approach: IDS (intrusion detection systems)
- Misuse based detection: used to detect known patterns.
- Anomaly based detection:
  1. Used to detect known and unknown patterns.
  2. Creates a profile for user behavior and path and compares it with the current activity.
  3. Deviation observed is reported.

Goal
To design a mobility based anomaly detection scheme:
1. To provide an optional service to end users.
2. A useful administration tool to service providers.

Assumptions
1. There exists a mobility database for each mobile user that describes its normal activities.
2. Once the device has been compromised, all the security details are available to the attacker.
3. All users have a regular itinerary.

Mobility Based Anomaly Detection Schemes
- LZ Based Intrusion Detection
- Markov-Based Anomaly Detection
LZ Based Intrusion Detection:
1. Feature extraction
2. Optimised data compression
3. Probability calculation (Markov model is used)
4. Anomaly detection algorithm

LZ Based Intrusion Detection
- Feature extraction: general pattern of the cellular mobile network is formed for each user (without data compression).
- Maintenance of data dictionary.
- Explain data compression.
- Probability calculation:
  - M=1: next event only depends on the last event in the past.
  - M>1: next event depends on the multiple M events in the past.
- Anomaly detection algorithm:
  - Integration of EWMA into mobile trie (changed frequency).

Algorithm for Data Dictionary and Compression

Anomaly detection algorithm

Markov Based Anomaly Detection
P(X(t+1)) = N(j)/N
- X(t) = state visited by the user, or the user's activity, at time t.
- N is the total number of observations.
- N(j) is the total number of observations of destination.
E.g. abc – bade: go from a to e = 1/1.
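The N(j)/N estimate above, worked through as an added example (not code from the slides or the paper): an order-M Markov model is trained on a user's historical cell traces and then scores a new trace. The cell names, the mean-probability score and the 0.5 threshold are assumptions made for illustration.

```python
from collections import Counter, defaultdict

def train(traces, order=1):
    """Count N(context -> next cell) over a user's historical cell traces."""
    counts = defaultdict(Counter)
    for trace in traces:
        for i in range(order, len(trace)):
            counts[tuple(trace[i - order:i])][trace[i]] += 1
    return counts

def transition_prob(counts, context, nxt):
    """P(next | context) = N(j) / N; 0.0 when the context was never observed."""
    seen = counts.get(tuple(context))
    if not seen:
        return 0.0
    return seen[nxt] / sum(seen.values())

def trace_score(counts, trace, order=1):
    """Mean transition probability along a trace (scoring rule is an assumption)."""
    probs = [transition_prob(counts, trace[i - order:i], trace[i])
             for i in range(order, len(trace))]
    return sum(probs) / len(probs) if probs else 0.0

def is_anomalous(counts, trace, order=1, threshold=0.5):
    """Flag a trace whose score falls below the (assumed) threshold."""
    return trace_score(counts, trace, order) < threshold

# Constructed sample history for one user: each list is one trip, as cell IDs.
HISTORY = [
    ["home", "c1", "c2", "office"],
    ["home", "c1", "c2", "office"],
    ["home", "c1", "c3", "gym"],
    ["office", "c2", "c1", "home"],
]
MODEL_M1 = train(HISTORY, order=1)   # M=1: next cell depends on the last cell
MODEL_M2 = train(HISTORY, order=2)   # M>1: next cell depends on the last 2 cells

USUAL = ["home", "c1", "c2", "office"]        # constructed: matches the profile
UNUSUAL = ["home", "c9", "c8", "airport"]     # constructed: cells never visited

if __name__ == "__main__":
    for name, trace in (("usual", USUAL), ("unusual", UNUSUAL)):
        print(name, round(trace_score(MODEL_M1, trace), 3),
              is_anomalous(MODEL_M1, trace))
```

A transition out of a context the profile has never seen is given probability 0, so a device moving through cells outside the user's history drives the score down quickly.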

Difference between Markov and LZ based algorithm
LZ:
- Has compression
- Has EWMA
- There exists a concept of modified frequency
Markov:
- No compression
- No EWMA
- Only one frequency exists

Conclusion (cont)
Detection rate:
- The detection rate of the LZ-based scheme is higher than those of Markov-based schemes with different orders. Reason: use of EWMA in LZ.
- The detection rate of all schemes increases with the increase in mobility. Thus the detection rate is improved in case of mobility.

Conclusion
False alarm rate:
- The false alarm rate of LZ is lower than that of Markov; this is due to the EWMA used in LZ.
- As the mobility increases, the false alarm rate decreases.