Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SnIPS Implementation and GUI Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University.

Published bySilas Bryan Modified over 9 years ago

Similar presentations

Presentation on theme: "1 SnIPS Implementation and GUI Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University."— Presentation transcript:

1 1 SnIPS Implementation and GUI Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University

2 2 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

3 3 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

4 4 Project Overview SnIPS Background - Snort Intrusion Analysis using Proof Strengthening. - Dr. Simon Ou, Siva Raj Rajagopalan (HP Labs), and Sakthiyuvaraja Sakthivelmurugan - An Empirical Approach to Modeling Uncertainty in Intrusion Analysis, 25th Annual Computer Security Applications Conference (ACSAC). - Reason Under Uncertainty.

5 5 Project Overview Reasoning Engine Which machines are “certainty” compromised ? Answers with evidence Observation Correspondence Internal Model Pre – Processing –> Datalog tuples SnortNetflow filterLog analyzer Reason Under Uncertainty - open source network intrusion detection system - compare the payload of network packets with Snort Rules - alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES 403 Forbidden"; flow:from_server,established; content:"HTTP/1.1 403"; depth:12; classtype:attempted-recon; sid:1201; rev:7;)

6 6 Project Overview Reasoning Engine Which machines are “certainty” compromised ? Answers with evidence Observation Correspondence Internal Model Pre – Processing –> Datalog tuples SnortNetflow filterLog analyzer Linux Command: sudo snort -c test.conf -i eth4 Linux Command: python alert translator.py -h Linux Command: summarize.sh Linux Command: trace.sh Linux Command: ?- show_trace(int(compromised(H),c)) GUI int(probeOtherMachine('192.168.10.80',external),c,range(1904834156,0)) strengthenedPf int(probeOtherMachine('192.168.10.80',external),l,range(1904834156,0)) summarizedFact skolem(0) int(skol(probeOtherMachine('192.168.10.80',external)),p,range(1039206444,1904834156)) intRule_1f int(compromised('192.168.10.80'),l,range(1039206444,1039206444)) summarizedFact skolem(10) obs(oid_1, snort('1:469', '128.111.49.46', '192.168.10.90', 1039203853)). obs(oid_2, snort('1:469', '128.111.43.65', '192.168.10.80', 1039203994)). int(probeOtherMachine('192.168.10.80',external),l,skolem(0),range(1039206341,1039207768)). int(suspicious(external,'192.168.10.90'),p,skolem(9),range(1039205847,1039205847)). int(compromised('192.168.10.80'),l,skolem(10),range(1039206444,1039206444)). GUI

7 7 Project Overview Motivation - Need friendly user interface - What triggers the “Snort Alerts ” Goal - GUI - Implementation -> Backtrack the alerts -> Payload triggers Snort Rules

8 8 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

9 9 Prototype Demo GUI Framework SnIPS Visualized Output http://people.cis.ksu.edu/~tsuhsiwu/

10 10 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

11 11 Project Requirements SnIPS GUI Framework Use Case – SnIPS GUI Component

12 12 Project Requirements SnIPS GUI Framework - SR 1.1: SnIPS GUI must be extendible -> Object Oriented Design

13 13 Project Requirements Use Case – SnIPS GUI Component

14 14 Project Requirements Use Case – SnIPS GUI Component - SR 2(critical): Start and Stop Snort - SR 3(critical): Fetch alerts from MySQL - SR 4(critical): Fetch alerts based on time frame - SR 5(critical): Manage Snort Rules - SR 6(critical): Specify Configuration & Host Info - SR 7(critical): Run Pre-Processing & Reasoning - SR 8(critical): Webpage for Reasoning Engine Output - SR 9(non-critical): Represent Output in Graphical View

15 15 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

16 16 Cost Estimation Work Breakdown Structure (WBS) - Tree Structure Diagram Software Artifact Sets (from Walker Royce): - Requirement Set - Design Set - Implementation Set - Deployment Set - Management Set

17 17 Cost Estimation Work Breakdown Structure (WBS) Management SetRequirement SetDesign Set Implementatio n Set Deployment Set Artifact 1. SQAP 2. Project Plan 1.0 3. Project Plan 2.0 4. Project Evaluation. 5. Test Plan 1.0 6. Testing Evaluation 7. Assessment Evaluation. 8. Formal Requirement Specification 9. Formal Technical Inspection 10. Reference 11. Formal Technical Inspection letters 1. Vision Document 1.0 2. Vision Document 2.0 1. Architectural Design. 2. Component Design. 1. Prototype 1.0 2. Prototype 2.0 3. Final Project 1. User Manual.

18 18 Cost Estimation Work Breakdown Structure (WBS) SnIPS Phase 1Phase 2Phase 3  Management. Set  Requirement. Set  Implementation. Set  Management. Set  Requirement. Set  Design Set  Implementation. Set  Management Set  Design Set  Implementation. Set  Deployment. Set

19 19 Cost Estimation – Phase 1 WBS Phase 1 Management SetRequirement SetImplementation Set 1. Project Plan 1.0 2. SQAP 3. Vision Doc.1.04. Prototype 1.0 TaskEstimated Duration of TaskTask Dependencies Project Plan 1.0 30 hr (10 pages * 3hrs/page ≒ 30) Vision Document 1.0 SQAP 20 hr (7 pages * 3hrs/page ≒ 30) Vision Document 1.0, Project Plan 1.0 Vision Document 1.0 30 hr (10 pages * 3hrs/page ≒ 30) Prototype 1.040 hr (1200 LOC * 30LOC/HR)

20 20 Cost Estimation – Phase 2 WBS Phase 2 Management SetRequirement SetImplementation Set 1. Project Plan 2.0 2. Formal Requirement Specification 3. Formal Technical Inspection 4. Test Plan 1.0 5. Vision Doc.2.07. Prototype 2.0 Design Set 6. Architectural Design 1.0 TaskEstimated Duration of TaskTask Dependencies Project Plan 2.0 15 hr (10 pages * 1.5 hrs/page ≒ 30) Vision Document 2.0 Formal Requirement Specification 15 hr (5 pages * 3 hrs/page ≒ 30) Vision Document 2.0 Formal Technical Inspection 2 hr Formal Requirement Specification Test Plan 1.0 15 hr (5 pages * 3 hrs/page ≒ 30) Architectural Design 1.0 Vision Document 2.0 15 hr (10 pages * 1.5 hrs/page ≒ 30) Architectural Design1.0 45 hr (15 pages * 3 hrs/page ≒ 45) Project Plan 2.0 Prototype 2.0 80 hr ( 40 * 2 ≒ 80)

21 21 Cost Estimation – Phase 3 WBS Phase 3 Management SetDesign SetDeployment Set 1. Project Evaluation 2. Testing Evaluation 3. Assessment Evaluation 4. Reference 5. Formal Technical Inspection Letters 6. Component Design8. User Manual Implementation Set 7. Final Project TaskEstimated Duration of TaskTask Dependencies Project Evaluation 15 hr (5 pages * 3 hrs/page ≒ 15) Testing Evaluation 15 hr (5 pages * 3 hrs/page ≒ 15) Final Project Assessment Evaluation 15 hr (5 pages * 3 hrs/page ≒ 15) Testing Evaluation Reference 3 hr (1 pages * 3 hrs/page ≒ 3) Project and Assessment Evaluation Formal Tech. Inspection. Letters2 hrTesting Evaluation Component Design 45 hr (15 pages * 3 hrs/page ≒ 45) Final Project 120 hr ( 40 * 3 ≒ 120) User Manual 15 hr (5 pages * 3 hrs/page ≒ 15) Testing Evaluation

22 22 Cost Estimation – Project Timeline

23 23 Outline Project Overview Prototype Project Requirements Cost Estimation Software Quality Assurance Plan Phase 2 Deliverables Q&A

24 24 Software Quality Assurance Plan Documentation: http://people.cis.ksu.edu/~tsuhsiwu/ Standards, Practices, Convention, and Metrics Reviews and Audits Testing Problem Reporting and Corrective Action Tool, Techniques, and Methodologies Records collection, Maintenance, and Retention

25 25 Phase 2 Deliverables Vision Document 2.0 Project Plan 2.0 Architectural Design 1.0 Prototype 2.0 Test Plan 1.0 Formal Requirements Specification Formal Technical Inspection

26 26 Questions & Answers SnIPS Implementation and GUI

Download ppt "1 SnIPS Implementation and GUI Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University."

Similar presentations

Medical Device Software Development

Medical Device Software Development
Airline Reservation System

Airline Reservation System
An empirical approach to modeling uncertainty in Intrusion Analysis Xinming (Simon) Ou 1 S. Raj Rajagopalan 2 Sakthi Sakthivelmurugan 1 1 – Kansas State.

An empirical approach to modeling uncertainty in Intrusion Analysis Xinming (Simon) Ou 1 S. Raj Rajagopalan 2 Sakthi Sakthivelmurugan 1 1 – Kansas State.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
1 Software Testing and Quality Assurance Lecture 13 - Planning for Testing (Chapter 3, A Practical Guide to Testing Object- Oriented Software)

1 Software Testing and Quality Assurance Lecture 13 - Planning for Testing (Chapter 3, A Practical Guide to Testing Object- Oriented Software)
1 SnIPS Implementation and GUI 3 rd Presentation Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University.

1 SnIPS Implementation and GUI 3 rd Presentation Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University.
1 sqa13b IEEE Standard for SQAP u IEEE Std 730-1989 –Standard for Software Quality Assurance Plans –12 pages u IEEE Guide for Software Quality Assurance.

1 sqa13b IEEE Standard for SQAP u IEEE Std –Standard for Software Quality Assurance Plans –12 pages u IEEE Guide for Software Quality Assurance.
GPN 2009 May 29, Kansas City, Missouri An open security defense architecture for open collaborative cyber infrastructures Xinming (Simon) Ou Kansas State.

GPN 2009 May 29, Kansas City, Missouri An open security defense architecture for open collaborative cyber infrastructures Xinming (Simon) Ou Kansas State.
Sixth Hour Lecture 10:30 – 11:20 am, September 9 Framework for a Software Management Process – Artifacts of the Process (Part II, Chapter 6 of Royce’ book)

Sixth Hour Lecture 10:30 – 11:20 am, September 9 Framework for a Software Management Process – Artifacts of the Process (Part II, Chapter 6 of Royce’ book)
Using UML, Patterns, and Java Object-Oriented Software Engineering Royce’s Methodology Chapter 16, Royce’ Methodology.

Using UML, Patterns, and Java Object-Oriented Software Engineering Royce’s Methodology Chapter 16, Royce’ Methodology.
© ABB AB, Corporate Research - 1 5/19/2015 abb Project Breakdown Structure Creation.

© ABB AB, Corporate Research - 1 5/19/2015 abb Project Breakdown Structure Creation.
Stepan Potiyenko ISS Sr.SW Developer.

Stepan Potiyenko ISS Sr.SW Developer.
SE 470 Software Development Processes James Nowotarski 21 April 2003.

SE 470 Software Development Processes James Nowotarski 21 April 2003.
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Your Presentation Title Names of Team members Advisor name EE496A Midterm Presentation Fall, 2006.

Your Presentation Title Names of Team members Advisor name EE496A Midterm Presentation Fall, 2006.
1 Lecture 5 Introduction to Software Engineering Overview  What is Software Engineering  Software Engineering Issues  Waterfall Model  Waterfall Model.

1 Lecture 5 Introduction to Software Engineering Overview  What is Software Engineering  Software Engineering Issues  Waterfall Model  Waterfall Model.
Effort in hours Duration Over Weeks Or Months Inception Launch Web Lifecycle Methodology Maintenance Phases 1234576891011 Copyright Wonderlane Studios.

Effort in hours Duration Over Weeks Or Months Inception Launch Web Lifecycle Methodology Maintenance Phases Copyright Wonderlane Studios.
Software Verification and Validation (V&V) By Roger U. Fujii Presented by Donovan Faustino.

Software Verification and Validation (V&V) By Roger U. Fujii Presented by Donovan Faustino.
CORE 1: PROJECT MANAGEMENT Overview TECHNIQUES FOR MANAGING A PROJECT Communication Skills Active Listening Mirroring Paraphrasing Summarizing Clarifying.

CORE 1: PROJECT MANAGEMENT Overview TECHNIQUES FOR MANAGING A PROJECT Communication Skills Active Listening Mirroring Paraphrasing Summarizing Clarifying.
Using CLIPS to Detect Network Intrusions - (CLIPNIDS) Phase I MSE Project Sripriya Marry Committee Members Dr. David Gustafson (Major Professor) Dr. Rodney.

Using CLIPS to Detect Network Intrusions - (CLIPNIDS) Phase I MSE Project Sripriya Marry Committee Members Dr. David Gustafson (Major Professor) Dr. Rodney.

Similar presentations

Ads by Google