Data Mining BS/MS Project
Anomaly Detection for Cyber Security
Presentation by Mike Calder

Anomaly Detection
• Used for cyber security
 – Detecting threats using network data
 – Detecting threats using host-based data
• In some domains, anomalies are detected so that they can be removed or corrected
• In cyber security, the anomalies are the threats that analysts need to find

Motivation
• Proactive vs. reactive security
 – A proactive approach identifies threats before they cause damage
 – A reactive approach minimizes and recovers from damage that is already being caused
• If anomalies are detected in real time, cyber damage can be minimized or avoided

Sample Network-Based Setup
[Figure taken from (Yan, 2013)] These steps combine density-based clustering with network traffic anomaly detection

Example 3-D Resulting Dataset
[Figure taken from (Yan, 2013)] Clusters are shown as different colors; anomaly detection identifies the outliers (the axes and instances plotted are not specified in the paper)

Sample Host-Based Setup
[Figure taken from (Stolfo, 2005)] Data is intercepted at the kernel level and analyzed for anomalies in a data warehouse

Host-Based Results
• The "PAD Detector" in the previous figure applied probabilistic anomaly detection to the system calls logged by the interceptor
• When identifying "malicious" processes (programs that make file accesses they are not expected to make), PAD achieved 95% accuracy
 – with only a 2% false positive rate

References
• X. Yan. "Early Detection of Cyber Security Threats using Structured Behavior Modeling". ACM Transactions on Information and System Security, Vol. V, No. N, 2013.
• K. Ingham. "Comparing Anomaly Detection Techniques for HTTP". Proc. 10th International Symposium on Recent Advances in Intrusion Detection, 2006.
• S. Stolfo. "Anomaly Detection in Computer Security and an Application to File System Accesses". Lecture Notes in Computer Science, Vol. 3488, pp. 14-28, 2005.
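The two pipelines the slides sketch, the network-based one (density clustering, then the unclustered flows reported as anomalies) and the host-based one (a probabilistic model of expected file accesses, scored for detection and false-positive rate), as one added worked example. This is not code from the slides or from the cited papers: the flow features, the file-access records and the labelled test events are all constructed here; plain DBSCAN stands in for whatever density-based clustering Yan (2013) used, and a per-program "which directory does this program touch" model stands in for PAD's richer system-call model. The names FLOWS, TRAIN, TEST, dbscan, network_outliers, FileAccessModel and evaluate are this example's own.

```python
from collections import Counter, defaultdict
from math import sqrt
from posixpath import dirname

# ---- Network-based: density clustering; the unclustered (noise) flows are the anomalies ----
# Constructed flows: (log10 bytes, log10 packets, log10 duration_ms). Features are
# log-scaled so that no single raw count dominates the Euclidean distance.
FLOWS = {
    "web-1": (4.1, 1.3, 2.6), "web-2": (4.0, 1.2, 2.7), "web-3": (4.2, 1.4, 2.8),
    "web-4": (4.1, 1.2, 2.7), "web-5": (4.0, 1.3, 2.6),
    "dns-1": (2.0, 0.3, 1.7), "dns-2": (2.1, 0.3, 1.6), "dns-3": (2.0, 0.4, 1.8), "dns-4": (2.1, 0.3, 1.7),
    "exfil": (8.5, 4.0, 6.0),  # one huge, long-lived transfer
    "scan": (1.5, 3.2, 5.1),   # thousands of tiny packets over minutes
}

def _dist(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def dbscan(points, eps, min_pts):
    """Plain DBSCAN: one label per point, -1 = noise (no dense neighbourhood)."""
    n, labels, cluster = len(points), [None] * len(points), 0
    def neighbours(i):
        return [j for j in range(n) if _dist(points[i], points[j]) <= eps]
    for i in range(n):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_pts:  # not core; may still be claimed as a border point later
            labels[i] = -1
            continue
        labels[i] = cluster
        queue = list(seeds)
        while queue:
            j = queue.pop()
            if labels[j] == -1:   # border point reached from a core point
                labels[j] = cluster
            if labels[j] is not None:
                continue
            labels[j] = cluster
            more = neighbours(j)
            if len(more) >= min_pts:  # j is itself core: keep expanding the cluster
                queue.extend(more)
        cluster += 1
    return labels

def network_outliers(flows, eps=0.5, min_pts=3):
    """Names of the flows DBSCAN leaves unclustered."""
    names = list(flows)
    labels = dbscan([flows[k] for k in names], eps, min_pts)
    return sorted(k for k, lab in zip(names, labels) if lab == -1)

# ---- Host-based: P(directory | program) learned from a clean period of interceptor logs ----
TRAIN = [  # constructed (program, path) records
    ("sshd", "/etc/ssh/sshd_config"), ("sshd", "/etc/passwd"), ("sshd", "/etc/shadow"),
    ("sshd", "/var/log/auth.log"), ("sshd", "/var/log/auth.log"), ("sshd", "/home/alice/.ssh/authorized_keys"),
    ("nginx", "/etc/nginx/nginx.conf"), ("nginx", "/var/www/html/index.html"),
    ("nginx", "/var/www/html/style.css"), ("nginx", "/var/www/html/app.js"),
    ("nginx", "/var/log/nginx/access.log"), ("nginx", "/var/log/nginx/error.log"),
    ("backup", "/home/alice/docs/report.txt"), ("backup", "/home/bob/notes.txt"), ("backup", "/var/backups/daily.tar"),
]

class FileAccessModel:
    """Additively smoothed estimate of how likely a program is to touch a directory."""
    def __init__(self, alpha=0.1):
        self.alpha, self.counts, self.dirs = alpha, defaultdict(Counter), set()
    def fit(self, events):
        for program, path in events:
            self.counts[program][dirname(path)] += 1
            self.dirs.add(dirname(path))
        return self
    def score(self, program, path):
        if program not in self.counts:  # a program never seen at all gets no benefit of the doubt
            return 0.0
        c = self.counts[program]
        vocab = len(self.dirs) + 1      # +1 reserves probability mass for unseen directories
        return (c[dirname(path)] + self.alpha) / (sum(c.values()) + self.alpha * vocab)

TEST = [  # constructed later events: (program, path, is_malicious)
    ("nginx", "/var/www/html/about.html", False),
    ("nginx", "/var/log/nginx/access.log", False),
    ("sshd", "/var/log/auth.log", False),
    ("backup", "/home/bob/todo.txt", False),
    ("nginx", "/var/cache/nginx/proxy_tmp", False),  # benign, but a directory absent from training
    ("nginx", "/etc/shadow", True),                   # web server reading credentials
    ("sshd", "/tmp/.x/payload", True),
    ("cryptominer", "/proc/cpuinfo", True),
]

def evaluate(model, labelled, threshold=0.05):
    """(detection rate, false-positive rate) when score < threshold is flagged."""
    tp = fp = n_mal = n_benign = 0
    for program, path, malicious in labelled:
        flagged = model.score(program, path) < threshold
        if malicious:
            n_mal, tp = n_mal + 1, tp + flagged
        else:
            n_benign, fp = n_benign + 1, fp + flagged
    return tp / n_mal, fp / n_benign

if __name__ == "__main__":
    print("network outliers:", network_outliers(FLOWS))
    print("host-based (detection, FPR):", evaluate(FileAccessModel().fit(TRAIN), TEST))
```

On the constructed data the network half reports exactly the exfiltration-like and scan-like flows, and the host half detects all three malicious accesses while flagging one of five benign ones (a 20% false-positive rate). That single false positive is the point of including it: nginx touching a cache directory that never appeared in the training window looks identical to the model as nginx reading /etc/shadow, so the training period must cover a program's full normal behaviour, and the threshold and smoothing parameter are what trade detection against the false-positive rate. The figures are not comparable to the 95% / 2% reported for PAD; they only show how those two numbers are computed.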