Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Agent-based Bayesian Forecasting Model for Enhancing Network Security J. PIKOULAS, W.J. BUCHANAN, Napier University, Edinburgh, UK. M. MANNION, Glasgow.

Published byBuck Franklin Modified over 8 years ago

Similar presentations

Presentation on theme: "An Agent-based Bayesian Forecasting Model for Enhancing Network Security J. PIKOULAS, W.J. BUCHANAN, Napier University, Edinburgh, UK. M. MANNION, Glasgow."— Presentation transcript:

1 An Agent-based Bayesian Forecasting Model for Enhancing Network Security J. PIKOULAS, W.J. BUCHANAN, Napier University, Edinburgh, UK. M. MANNION, Glasgow Caledonian University, Glasgow, UK. K. TRIANTAFYLLOPOULOS, University of Warwick, UK.

2 Hacking methods: IP spoofing. Packet-sniffing. Password attack. Sequence number prediction attacks. Session hi-jacking attacks. Shared library attacks. Social Engineering attacks. Technological vulnerability attack. Trust-access attacks. Hacking methods: IP spoofing. Packet-sniffing. Password attack. Sequence number prediction attacks. Session hi-jacking attacks. Shared library attacks. Social Engineering attacks. Technological vulnerability attack. Trust-access attacks. IP spoofing IP spoofing Packet sniffing Packet sniffing Packet sniffing Packet sniffing

3 Hacking methods: IP spoofing. Packet-sniffing. Password attack. Sequence number prediction attacks. Session hi-jacking attacks. Shared library attacks. Social Engineering attacks. Technological vulnerability attack. Trust-access attacks. Hacking methods: IP spoofing. Packet-sniffing. Password attack. Sequence number prediction attacks. Session hi-jacking attacks. Shared library attacks. Social Engineering attacks. Technological vulnerability attack. Trust-access attacks. Shared library Shared library Social engineering Social engineering Password attack Password attack

4 Security programs: Security enhancement software. Enhances the operating system’s security. Authentication and encryption software. Such as Kerebos, RSA, and so on. Security monitoring software. Network monitoring software. Firewall software and hardware. Security programs: Security enhancement software. Enhances the operating system’s security. Authentication and encryption software. Such as Kerebos, RSA, and so on. Security monitoring software. Network monitoring software. Firewall software and hardware. Firewall Encryption and authentication Security enhancement Security enhancement Public key Private key Public key Private key User’s public key is used to encrypt data User’s private key is used to decrypt data Encrypted data INFO ENCR INFO Operating System Operating System Security Enhancement

5 Problem with existing security methods: Centralized. They tends to be based on a central server, which can become the target of an attack. No real-time response. They tend not to be able to respond to events as they occur, and rely on expert filtering. No ability to foresee events. Problem with existing security methods: Centralized. They tends to be based on a central server, which can become the target of an attack. No real-time response. They tend not to be able to respond to events as they occur, and rely on expert filtering. No ability to foresee events. Denial-of- service Denial-of- service Centralized Many external accesses eventually reduce the accessibility of the server: such as with Yahoo.com, eBay, Amazon, CNN, ZDNet and Excite (Feb 2000). Firewall Central server Central storage Centralized security can lead to attacks as the central resource becomes the focus of attacks Financial losses (2000/01) Financial losses (2000/01) Financial losses (2000/01): 1.Virus (70%). 2.Net abuse (45%). 3.Laptop theft (45%). 4.Denial of service (21%) 5.Unauthorized access (16%). 6.System penetration (14%). 7.Sabotage (12%).

6 Agent-based distributed security system: Agents work independently from the server. This reduces the workload on the server, and also the dependency on it. Agents download the user profile from the server. The agents can then learn the profile of the user and update it when they log-out. Agents can be responsible for security. Agent-based distributed security system: Agents work independently from the server. This reduces the workload on the server, and also the dependency on it. Agents download the user profile from the server. The agents can then learn the profile of the user and update it when they log-out. Agents can be responsible for security. Distributed agent-based Distributed agent-based Centralized

7 Core Agent Core Agent Agent compares usage with forecast User agent updates the forecasting model User agent returns the updated model to the user Core agent sends forecasting information Agent reports any changes In behaviour Agent monitors Current usage User profile User profile User profile User profile User Agent User Agent User logs off Agent-based distributed security system with forecasting

8 Agent environment topology Sensor. Monitors software applications. Transmitter. Sends information to the server. Profile reader. Reads the users historical profile. Comparator. Compares user’s history with the information read by the sensor. Agent environment topology Sensor. Monitors software applications. Transmitter. Sends information to the server. Profile reader. Reads the users historical profile. Comparator. Compares user’s history with the information read by the sensor.

9 Traditional method of forecasting against Bayesian forecasting

10 Prediction model: Observation stage. In this stage the model is monitoring the user and records its behaviour. Evaluation stage. In this stage the model makes a prediction and also monitors the user actual movements and calculates the result. This stage is critical, because the model modifies itself according to the environment that it operates in. One-step prediction. In this stage the model makes a single step prediction. For example, assume that the user is logged in for 15 times and the model is configured, and it is ready to start predicting user moves. Instead of making a five or ten step prediction, like other mathematical models, our model makes a prediction for the next step. When the user logs in and out of our model, it takes the actual behaviour of the user, compares it with the one step prediction that it has performed before and calculates the error. So the next time a prediction is made for this user it will include also the data of the last user behaviour. With this procedure we maximise the accuracy of the prediction system. Prediction model: Observation stage. In this stage the model is monitoring the user and records its behaviour. Evaluation stage. In this stage the model makes a prediction and also monitors the user actual movements and calculates the result. This stage is critical, because the model modifies itself according to the environment that it operates in. One-step prediction. In this stage the model makes a single step prediction. For example, assume that the user is logged in for 15 times and the model is configured, and it is ready to start predicting user moves. Instead of making a five or ten step prediction, like other mathematical models, our model makes a prediction for the next step. When the user logs in and out of our model, it takes the actual behaviour of the user, compares it with the one step prediction that it has performed before and calculates the error. So the next time a prediction is made for this user it will include also the data of the last user behaviour. With this procedure we maximise the accuracy of the prediction system.

11 Prediction parameters: n –Window size. z – Prediction number. t – time unit. Prediction parameters: n –Window size. z – Prediction number. t – time unit. Sample parameters: n = 15 z = 5 t = 1 hr Sample parameters: n = 15 z = 5 t = 1 hr Forecasting calculation

12 Intervention Useful in responding to exception data, such as when there is not enough data about a user. Intervention Useful in responding to exception data, such as when there is not enough data about a user.

13

14

15

16

17 Bayesian mathematics: As we see in the following equation we are introducing a parameter matrix, an random matrix with left variance matrix, right variance matrix.

18 Conclusions: Fast and simple model. It requires less preparation than other models. Provides good prediction results. Requires very little storage of user activity. Small increase in CPU processing. Only a 1-2% increase in CPU processing has been measured. Model learns with very little initial settings. Other models require some initial parameter settings to make them work well. Conclusions: Fast and simple model. It requires less preparation than other models. Provides good prediction results. Requires very little storage of user activity. Small increase in CPU processing. Only a 1-2% increase in CPU processing has been measured. Model learns with very little initial settings. Other models require some initial parameter settings to make them work well.

Download ppt "An Agent-based Bayesian Forecasting Model for Enhancing Network Security J. PIKOULAS, W.J. BUCHANAN, Napier University, Edinburgh, UK. M. MANNION, Glasgow."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.

Instant Messenger Security with a focus on implementing security policies in corporate IM services Kaushal S Chandrashekar CS 691 Dr. Edward Chow UCCS.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
PEER-TO-PEER Is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures,

PEER-TO-PEER Is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures,
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Securing the Borderless Network March 21, 2000 Ted Barlow.

Securing the Borderless Network March 21, 2000 Ted Barlow.
Information Security Policies and Standards

Information Security Policies and Standards
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Kerberos Authenticating Over an Insecure Network.

Kerberos Authenticating Over an Insecure Network.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.

Similar presentations

Ads by Google