Intrusion Detection: Game Theory, Stochastic Processes and Data Mining
|
|
|
- Brian Evans
- 8 years ago
- Views:
Transcription
1 Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Joseph Spring 7COM1028 Secure Systems Programming 1
2 Discussion Points Introduction Firewalls Intrusion Detection Schemes Models Stochastic Profiling (Anomaly Detection) Rule Based (Anomaly Detection & Expert Systems) SNORT and BRO Game Theory Stochastic Processes Data Mining 2
3 Introduction Defence We have discussed the role of firewalls and cryptography (in the form of VPN s) employed as cybersecurity defence tools at the perimeter of systems that we seek to defend Detection We have also discussed the role and nature of intrusion detection schemes employed as cybersecurity tools for the detection of penetrations into systems that we seek to protect 3
4 Introduction Detection In particular we have considered A taxonomy of attackers Audit Records Stochastic Profiling (Anomaly Detection) Rule Based (Anomaly Detection & Expert Systems) Examples include and are by no means limited to: SNORT BRO» Gauges and Metrics 4
5 Introduction Papers We have during the last three weeks been reading a selection of recent intrusion detection papers We consider three areas from the perspectives of: Game Theory Game theoretic models for detecting network intrusions Stochastic Processes First order versus higher order stochastic models for computer intrusion detection Data Mining Network intrusion detection using data mining and network behaviour analysis 5
6 Introduction Areas considered for each model: 1. Understand the Problem 2. What are the Assumptions 3. What is the Model 4. What is the Solution 5. Is the solution fit for purpose 6
7 Introduction Game Theory Game theory has been successfully applied to many areas: economics, political science, control, computer science, quantum information, is seen as appropriate mathematical framework for the Analysis Modeling Decision and control of information security and intrusion detection For intrusion detection we model attackers and intrusions detection systems as players in a non cooperative game 7
8 Game Theory Model The Problem Intrusion detection systems are required as a second line of defense, in order to detect intrusion and generate an appropriate response Detection is typically carried out by monitoring and analyzing network traffic data for unusual activity Approach 1: Analyze all of the data Costly in terms of time, energy and resources (memory, CPU) Approach 2: Analyze a portion of the traffic (sampling) Less costly, but can miss potential intrusions due to sampling methodology, smart intruders, cooperative intruders building intrusion via multiple independent fragments 8
9 Game Theory Model The Problem Problem: To find a strategy that enhances the probability of detecting intruders whilst using a sampling approach 9
10 Game Theory Model Assumptions For intrusion detection we can model attackers and intrusions detection systems as players in a non cooperative game 10
11 Game Theory Model Model 1 Smart intruder Ability to divide an intrusion into different fragments to attack a particular node to select the routing paths used to inject fragments in attempt to decrease the chance of being detected IDS objective to sample according to sampling budget to collect at least m out of n fragments, where n denotes the total number of fragments, m the min # fragments for successful detection 11
12 Game Theory Model Model 2 Group of cooperative intruders Ability to send series of fragments from different sources using different routes IDS objective to divide the sampling budget over the intruders to sample for each one according to the new budget to collect and analyze all fragments (required in order to detect an intrusion) 12
13 Game Theory Model 1. The intention of the game theoretic model is to guide the IDS toward an optimal sampling strategy in order to detect malicious packets 2. The strategy of the attacker is to evaluate the probability of choosing each path upon which to send its malicious packet 3. The optimal strategy for the IDS is therefore to assign sampling rates to each link, maximizing the probability of detection without exceeding the total sampling budget We consider Model 1 13
14 Game Theory Model 1 Setting up the Problem Network Model and Assumptions Introducing the Games Game objectives and Constraints Strategies for the Two Players Game Formulation Single Intruder with Multiple Packets Solution Evaluation Numerical Simulations 14
15 Stochastic Processes For this approach we have discussed profile based anomaly detection methods rule based anomaly detection methods Discuss each of these approaches under the following headings: What is the Problem? What are the Assumptions? What are the Models? What are the Solutions? Are the solutions fit for purpose? 15
16 Data Mining, NBA and IDS Data Mining Techniques Feature Selection Data Analysis Classification Analysis Clustering Analysis Association and Correlation Analysis Stream Data Analysis Distributed Data Mining Visualisation and Querying Tools Network Behaviour Analysis 16
17 Summary Introduction Firewalls Intrusion Detection Schemes Models SNORT and BRO Stochastic Profiling (Anomaly Detection) Rule Based (Anomaly Detection & Expert Systems) Game Theory Stochastic Processes Data Mining 17
18 Reference
CSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security
A Game Theoretic Model to Handle Network Intrusions over Multiple Packets
A Game Theoretic Model to Handle Network Intrusions over Multiple Packets Mona Mehrandish, Chadi M. Assi, and Mourad Debbabi Concordia Institute for Information Systems Engineering Concordia University,
A Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13
COURSE TITLE : INFORMATION SECURITY COURSE CODE : 5136 COURSE CATEGORY : ELECTIVE PERIODS/WEEK : 4 PERIODS/SEMESTER : 52 CREDITS : 4 TIME SCHEDULE MODULE TOPICS PERIODS 1 Introduction to Computer Security
Intrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
NETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
Data Mining For Intrusion Detection Systems. Monique Wooten. Professor Robila
Data Mining For Intrusion Detection Systems Monique Wooten Professor Robila December 15, 2008 Wooten 2 ABSTRACT The paper discusses the use of data mining techniques applied to intrusion detection systems.
Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott
Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are
Network Security A Decision and Game-Theoretic Approach
Network Security A Decision and Game-Theoretic Approach Tansu Alpcan Deutsche Telekom Laboratories, Technical University of Berlin, Germany and Tamer Ba ar University of Illinois at Urbana-Champaign, USA
Marlicia J. Pollard East Carolina University ICTN 4040 SECTION 602 Mrs. Boahn Dr. Lunsford
Intrusion Detection Marlicia J. Pollard East Carolina University ICTN 4040 SECTION 602 Mrs. Boahn Dr. Lunsford For this term paper I will be discussing the subject of Intrusion detection. I will be going
U.S. Army Research, Development and Engineering Command. Cyber Security CRA Overview
U.S. Army Research, Development and Engineering Command Cyber Security CRA Overview Dr. Ananthram Swami, ST Network Science 18FEB 2014 Cyber Security Collaborative Research Alliance A Collaborative Venture
SURVEY OF INTRUSION DETECTION SYSTEM
SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT
Salvatore J. Stolfo 606 CEPSR 646.775.6043. Email: sal@cs.columbia.edu
CSW6998 Topics in Computer Science: Intrusion and Anomaly Detection Systems Fall 2004 Monday 4:10pm 6:00pm 13 September 13 December 253 Engineering Terrace Salvatore J. Stolfo
Firewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
IDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
Protecting Mobile Devices From TCP Flooding Attacks
Protecting Mobile Devices From TCP Flooding Attacks Yogesh Swami % and Hannes Tschofenig* % Nokia Research Center, Palo Alto, CA, USA. * Siemens Corporate Technology, Munich, DE. 1 Motivation Anatomy of
Firewalls and IDS. Sumitha Bhandarkar James Esslinger
Firewalls and IDS Sumitha Bhandarkar James Esslinger Outline Background What are firewalls and IDS? How are they different from each other? Firewalls Problems associated with conventional Firewalls Distributed
A Game Theoretical Framework on Intrusion Detection in Heterogeneous Networks Lin Chen, Member, IEEE, and Jean Leneutre
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL 4, NO 2, JUNE 2009 165 A Game Theoretical Framework on Intrusion Detection in Heterogeneous Networks Lin Chen, Member, IEEE, and Jean Leneutre
Analysis of Denial of Service Attack Using Proposed Model
Chapter 5 Analysis of Denial of Service Attack Using Proposed Model 5.0 Introduction An Adhoc network is a collection of nodes that are capable of forming dynamically a temporary network without the support
INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad
INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion
Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles
Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations
Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System
Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System Shams Fathima M.Tech,Department of Computer Science Kakatiya Institute of Technology & Science, Warangal,India
Intrusion Detection for SCADA Systems
Intrusion Detection for SCADA Systems Dr Kieran McLaughlin CSIT, Queen s University Belfast Outline Background & Motivation Experience with IEC 60870-5-104 SCADA-IDS approach SPARKS mini-project targeting
Taxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
Security Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
CHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
Massive Cloud Auditing using Data Mining on Hadoop
Massive Cloud Auditing using Data Mining on Hadoop Prof. Sachin Shetty CyberBAT Team, AFRL/RIGD AFRL VFRP Tennessee State University Outline Massive Cloud Auditing Traffic Characterization Distributed
How To Prevent Network Attacks
Ali A. Ghorbani Wei Lu Mahbod Tavallaee Network Intrusion Detection and Prevention Concepts and Techniques )Spri inger Contents 1 Network Attacks 1 1.1 Attack Taxonomies 2 1.2 Probes 4 1.2.1 IPSweep and
CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
Cooperating Security Management for Mutually Trusted Secure Networks
Cooperating Security Management for Mutually Trusted Secure Networks Lai-Ming Shiue Department of Applied Mathematics National Chung-Hsing University Taichung 402, Taiwan Shang-Juh Kao Department of Computer
Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
COMPUTER SECURITY. J. Magalhães Cruz Computer Security Protection of Local Systems (short) 1 25
COMPUTER SECURITY 9. Protection of local systems (2) Goal (2) Actions to take (3) Protection by Prevention in Local Networks (LAN Protection) (4) Definitions (5) Firewall devices (corta fogos): traffic
Secure Because Math: Understanding ML- based Security Products (#SecureBecauseMath)
Secure Because Math: Understanding ML- based Security Products (#SecureBecauseMath) Alex Pinto Chief Data Scientist Niddel / MLSec Project @alexcpsec @MLSecProject @NiddelCorp MLSec Project / Niddel MLSec
On-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs
Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer
Datascape for Cyber-Security NSA Cyber Defence Exercise Worked Example
Datascape for Cyber-Security NSA Cyber Defence Exercise Worked Example In 2009 the National Security Agency/Central Security Service (NSA/CSS - www.nsa.gov) ran the annual Cyber Defense Exercise (CDX http://www.nsa.gov/public_info/press_room/2009/cyber_defense_trophy.shtml).
Role of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
Ensuring Security in Cloud with Multi-Level IDS and Log Management System
Ensuring Security in Cloud with Multi-Level IDS and Log Management System 1 Prema Jain, 2 Ashwin Kumar PG Scholar, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka1, Assistant Professor,
idata Improving Defences Against Targeted Attack
idata Improving Defences Against Targeted Attack Summary JULY 2014 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does
UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004
[CRT14] UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004 Date: Wednesday 27 th May 2015 Time: 14:00 16:00
Chapter 1. Introduction
Chapter 1 Introduction 1.1. Motivation Network performance analysis, and the underlying queueing theory, was born at the beginning of the 20th Century when two Scandinavian engineers, Erlang 1 and Engset
Intrusion Detection. Jeffrey J.P. Tsai. Imperial College Press. A Machine Learning Approach. Zhenwei Yu. University of Illinois, Chicago, USA
SERIES IN ELECTRICAL AND COMPUTER ENGINEERING Intrusion Detection A Machine Learning Approach Zhenwei Yu University of Illinois, Chicago, USA Jeffrey J.P. Tsai Asia University, University of Illinois,
A Quantitative Approach to Security Monitor Deployment
A Quantitative Approach to Security Monitor Deployment Uttam Thakore PI: William H. Sanders Problem Intrusion detection requires adequate monitoring Monitors must collect sufficient information about intrusions
NERC CIP Version 5 and the PI System
Industry: Transmission/Distribution/Smarts Presented by NERC CIP Version 5 and the PI System Bryan Owen PE OSisoft Cyber Security Manager Agenda Update on OSIsoft Cyber Initiatives War Story CIP Version
Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks
Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks Lohith Raj S N, Shanthi M B, Jitendranath Mungara Abstract Protecting data from the intruders
A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS
A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS Sumanta Saha, Md. Safiqul Islam, Md. Sakhawat Hossen School of Information and Communication Technology The Royal Institute of Technology (KTH) Stockholm,
ICAB5238B Build a highly secure firewall
ICAB5238B Build a highly secure firewall Release: 1 ICAB5238B Build a highly secure firewall Modification History Not Applicable Unit Descriptor Unit descriptor This unit defines the competency required
Introduction to Cyber Security / Information Security
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
Network Security. Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ. July 2010. Network Security 08
Network Security (Principles i & Practices) Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ By: Arash Habibi Lashkari July 2010 1 Introduction to Network Security Model of Network
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
A Review on Network Intrusion Detection System Using Open Source Snort
, pp.61-70 http://dx.doi.org/10.14257/ijdta.2016.9.4.05 A Review on Network Intrusion Detection System Using Open Source Snort Sakshi Sharma and Manish Dixit Department of CSE& IT MITS Gwalior, India Sharmasakshi1009@gmail.com,
Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen
Mobile Security Wireless Mesh Network Security Sascha Alexander Jopen Overview Introduction Wireless Ad-hoc Networks Wireless Mesh Networks Security in Wireless Networks Attacks on Wireless Mesh Networks
74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
Cyber Security of the Power Grid
Cyber Security of the Power Grid Chen-Ching Ching Liu Professor of Power Systems University College Dublin Research for Ireland s Future Ireland -Country of natural beauty -Quality of life ranked among
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
SCADA Security Measures
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA SCADA Security Measures
The Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack
The Integration of SNORT with K-Means Clustering Algorithm to Detect New Attack Asnita Hashim, University of Technology MARA, Malaysia April 14-15, 2011 The Integration of SNORT with K-Means Clustering
1 Attack Top Attackers Report, Top Targets Report, Top Protocol Used by Attack Report, Top Attacks Report, Top Internal Attackers Report, Top External Attackers Report, Top Internal Targets Report, Top
Network Intrusion Analysis (Hands-on)
Network Intrusion Analysis (Hands-on) TCP/IP protocol suite is the core of the Internet and it is vital to understand how it works together, its strengths and weaknesses and how it can be used to detect
Online Network Traffic Security Inspection Using MMT Tool
Online Network Traffic Security Inspection Using MMT Tool Wissam Mallouli, Bachar Wehbi, Edgardo Montes de Oca Michel Bourdellès, Denis Rocher and Arnaud Baloche Montimage EURL, 39 rue Bobillot, 75013
SourceFireNext-Generation IPS
D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 petr.salac@alefnula.com Our Customers Biggest Security Challenges Maintaining security posture
Network Security Forensics
Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new
Information Security Attack Tree Modeling for Enhancing Student Learning
Information Security Attack Tree Modeling for Enhancing Student Learning Jidé B. Odubiyi, Computer Science Department Bowie State University, Bowie, MD and Casey W. O Brien, Network Technology Department
ATTPS Publication: Trustworthy ICT Taxonomy
Publication: worthy ICT Taxonomy Roger Berkley worthy ICT Taxonomy Research Cybersecurity technology is a considerably large subdomain of ICT. Technology experts like Gartner have identified at least 94
SCADA SYSTEMS AND SECURITY WHITEPAPER
SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
Application of Data Mining Techniques in Intrusion Detection
Application of Data Mining Techniques in Intrusion Detection LI Min An Yang Institute of Technology leiminxuan@sohu.com Abstract: The article introduced the importance of intrusion detection, as well as
Intrusion Detection Systems
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Intrusion Detection Systems CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
Traffic Analyzer Based on Data Flow Patterns
AUTOMATYKA 2011 Tom 15 Zeszyt 3 Artur Sierszeñ*, ukasz Sturgulewski* Traffic Analyzer Based on Data Flow Patterns 1. Introduction Nowadays, there are many systems of Network Intrusion Detection System
NETWORK SECURITY. Scott Hand. Melanie Rich-Wittrig. Enrique Jimenez
NETWORK SECURITY Scott Hand Melanie Rich-Wittrig Enrique Jimenez Chapter 2 In Which Firewalls Are Erected, Packets Are Snorted, And Pwnage Denied TOPICS COVERED Host Software Firewalls iptables Network
Five Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
MS Information Security (MSIS)
MS Information Security (MSIS) Riphah Institute of Systems Engineering (RISE) Riphah International University, Islamabad, Pakistan 1. Program Overview: The program aims to develop core competencies in
Conclusions and Future Directions
Chapter 9 This chapter summarizes the thesis with discussion of (a) the findings and the contributions to the state-of-the-art in the disciplines covered by this work, and (b) future work, those directions
Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010
Cryptography and Network Security Chapter 22 Fifth Edition by William Stallings Chapter 20 Firewalls The function of a strong position is to make the forces holding it practically unassailable On O War,
Network Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
Missing the Obvious: Network Security Monitoring for ICS
Missing the Obvious: Network Security Monitoring for ICS If ICS are so vulnerable, why haven t we seen more attacks? We aren t looking! Two Key Reasons Intent Visibility Intent Why are targeted attacks
Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.
Cyber Security. Environment, Solutions and Case study. Special Telecommunications Service David Gabriel, Buciu Adrian Contact: gdavid13@sts.ro adibuciu@sts.ro Environment Network/services can be damaged
Cyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
A NOVEL APPROACH FOR PROTECTING EXPOSED INTRANET FROM INTRUSIONS
A NOVEL APPROACH FOR PROTECTING EXPOSED INTRANET FROM INTRUSIONS K.B.Chandradeep Department of Centre for Educational Technology, IIT Kharagpur, Kharagpur, India kbchandradeep@gmail.com ABSTRACT This paper
Security Advisory. Some IPS systems can be easily fingerprinted using simple techniques.
Some IPS systems can be easily fingered using simple techniques. The unintentional disclosure of which security devices are deployed within your defences could put your network at significant risk. Security
Fuzzy Network Profiling for Intrusion Detection
Fuzzy Network Profiling for Intrusion Detection John E. Dickerson (jedicker@iastate.edu) and Julie A. Dickerson (julied@iastate.edu) Electrical and Computer Engineering Department Iowa State University
Traffic Monitoring : Experience
Traffic Monitoring : Experience Objectives Lebah Net To understand who and/or what the threats are To understand attacker operation Originating Host Motives (purpose of access) Tools and Techniques Who
Security Issues in SCADA Networks
Security Issues in SCADA Networks by V. M. Igure, S. A. Laughter, and R. D. Williams Computers & Security, 25(7): 498-506, 2006 presented by Ruilong Deng Postdoctoral Research Fellow School of Electrical
Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
IDS : Intrusion Detection System the Survey of Information Security
IDS : Intrusion Detection System the Survey of Information Security Sheetal Thakare 1, Pankaj Ingle 2, Dr. B.B. Meshram 3 1,2 Computer Technology Department, VJTI, Matunga,Mumbai 3 Head Of Computer TechnologyDepartment,
ENHANCED GREEN FIREWALL FOR EFFICIENT DETECTION AND PREVENTION OF MOBILE INTRUDER USING GREYLISTING METHOD
ENHANCED GREEN FIREWALL FOR EFFICIENT DETECTION AND PREVENTION OF MOBILE INTRUDER USING GREYLISTING METHOD G.Pradeep Kumar 1, R.Chakkaravarthy 2, S.Arun kishorre 3, L.S.Sathiyamurthy 4 1- Assistant Professor,
Intrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12
Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984
CYBER ATTACKS EXPLAINED: PACKET CRAFTING
CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure
Software Defined Networking A quantum leap for Devops?
Software Defined Networking A quantum leap for Devops? TNG Technology Consulting GmbH, http://www.tngtech.com/ Networking is bottleneck in today s devops Agile software development and devops is increasing
Current and Future Research into Network Security Prof. Madjid Merabti
Current and Future Research into Network Security Prof. Madjid Merabti School of Computing & Mathematical Sciences Liverpool John Moores University UK Overview Introduction Secure component composition
Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
About the Authors Preface Acknowledgements List of Acronyms
Contents About the Authors Preface Acknowledgements List of Acronyms xiii xv xvii xix Part One Wireless Ad Hoc, Sensor and Mesh Networking 1 1 Introduction 3 1.1 Information Security 4 1.1.1 Computer Security
Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
Speedy Signature Based Intrusion Detection System Using Finite State Machine and Hashing Techniques
www.ijcsi.org 387 Speedy Signature Based Intrusion Detection System Using Finite State Machine and Hashing Techniques Utkarsh Dixit 1, Shivali Gupta 2 and Om Pal 3 1 School of Computer Science, Centre