Slide 1: Neural Technology and Fuzzy Systems in Network Security
Project Progress, Group 2: Omar Ehtisham Anwar (2005-02-0129), Aneela Laeeq (2005-02-0023)
Slide 2: Neural Techniques
- IPS tools are based on static rules alone.
- Neural techniques seek to classify all new events and highlight those that appear most threatening.
- Neural techniques allow the security expert to be the final arbiter.
Slide 3: The Neural Security Layer
Fuzzy Clustering
- Creates a baseline profile of the network in various states by "training" itself.
- Establishes patterns; it does not determine an exact profile of what a user does.
- Uses algorithms that identify these patterns and separate clusters accordingly.
Kernel Classifier
- Determines which existing cluster a new event most likely belongs to.
- Classifies events according to how far away they are from the norm (any existing cluster).
- Events farthest away bubble to the top, where administrators take manual action.
- Uses algorithms based on non-linear distribution laws, which use statistics to track what happens over extended periods of time.
Slide 4: Clusters
- A set of XML files that become model filters, or the knowledge base, for the network resource being monitored.
- The knowledge base is continually updated based on:
  - results of day-to-day activities;
  - data from third-party sources, such as IDS signatures.
Slide 5: Six Steps to Producing Security Intelligence
1) Designate Data: Data can be system log entries or any other raw or formatted measure of activity in the environment.
2) Model Analyst Expertise: The variables, weights, centers and pertinent event knowledge that make up the analytic or data mining model are configured based on the specific analysis requirements and the unique attributes of the particular environment.
3) Train Model: The designated security data is organized into multi-dimensional "event vectors" within the context of the analytic models. This establishes the baseline activity.
4) Generate Knowledge: Live or offline data is compared against the contents of the training baseline and classified accordingly.
5) Teach Model: User supervision and the infusion of expert knowledge are essential to accurate event classification and system baselining, and to filtering out non-threatening anomalous activity.
6) Leverage Knowledge: System output is invaluable for the real-time or offline analysis, detection and prevention of any type of potentially internal or external criminal activity or system misuse.