GECCO HUMIES - 2008
Immune-inspired Network Intrusion Detection System (i-NIDS)
M. Zubair Shafiq (1), Syed Ali Khayam (2), Muddassar Farooq (1)
(1) Next Generation Intelligent Networks Research Center, National University of Computer & Emerging Sciences, Islamabad, Pakistan, http://www.nexginrc.org
(2) School of Electrical Engineering & Computer Sciences, National University of Sciences & Technology, Rawalpindi, Pakistan, http://wisnet.niit.edu.pk
Introduction
Simple Human competitive
Human^machine competitive
Unfortunately, most computer viruses are not so courteous!
[Figure: Estimated Damage (in billions of US Dollars), by year, 1999 to 2003]
[Figure: Threat numbers show the story of what's happening? Series: Number of new threats, Total threats; vertical axis in thousands]
These are Commercial Software…
Malware        Norton AV       Command AV      McAfee AV
Chernobyl1.4   Not detected    Not detected    Not detected
F0sf0r0        Not detected    Not detected    Not detected
Hare           Not detected    Not detected    Not detected
Z0mbie-6.b     Not detected    Not detected    Not detected
Signature matching!
Size of signature database cannot scale!
Inability to detect zero-day (novel) attacks!
Motivation for current work
A self-healing, self-defending and living artificial immune system
Proactive defense against zero-day attacks
Mapping concepts from A-life and evolution
Immune inspired Network Intrusion Detection System
[Diagram labels: Network Traffic Stream, Alarm Output]
Intelligent Statistical Features
1. Memory of Markov Chain
2. Multi resolution session rate
3. Entropy of IP address
4. Divergence of port distribution
Adaptive Immune System/Innate Immune System
1. Negative Selection
2. Dendritic Cell Algorithm
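An added example, not code from the i-NIDS authors or from the slides: it computes two of the listed features per traffic window (entropy of IP address, divergence of port distribution) and feeds them to a small real-valued negative selection classifier. Assumptions: the features use destination IP and destination port, divergence is smoothed KL against a constructed baseline, candidate detectors come from a fixed grid instead of random generation, and all flows, radii and names are constructed for illustration.

```python
import math
from collections import Counter

BASELINE_PORTS = {80: 0.5, 443: 0.4, 53: 0.1}  # constructed benign port profile

def ip_entropy(flows):
    """Shannon entropy of destination IPs in one window, normalized to 0..1."""
    n = len(flows)
    if n < 2:
        return 0.0
    counts = Counter(ip for ip, _ in flows)
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)

def port_divergence(flows, baseline=BASELINE_PORTS, eps=1e-3):
    """KL divergence (bits) of the window's ports from the baseline, squashed to 0..1."""
    n = len(flows)
    counts = Counter(port for _, port in flows)
    norm = 1 + eps * len(set(counts) | set(baseline))  # additive smoothing
    kl = sum((c / n) * math.log2((c / n) / ((baseline.get(p, 0) + eps) / norm))
             for p, c in counts.items())
    kl = max(kl, 0.0)  # guard against float rounding below zero
    return kl / (1 + kl)

def features(flows):
    return (ip_entropy(flows), port_divergence(flows))

def train_detectors(self_samples, self_radius=0.3, step=0.1):
    """Negative selection: keep candidate points that match no benign ("self") sample."""
    grid = [i * step for i in range(int(round(1 / step)) + 1)]
    return [(x, y) for x in grid for y in grid
            if all(math.dist((x, y), s) > self_radius for s in self_samples)]

def is_anomalous(sample, detectors, detector_radius=0.1):
    """A window is flagged when its feature vector falls inside any detector."""
    return any(math.dist(sample, d) <= detector_radius for d in detectors)

# Constructed windows of (destination IP, destination port) flows.
BENIGN = [
    [("10.0.0.5", 80)] * 4 + [("10.0.0.6", 443)] * 3 + [("10.0.0.7", 53)],
    [("10.0.0.5", 80)] * 5 + [("10.0.0.6", 443)] * 3,
]
UNSEEN_BENIGN = [("10.0.0.5", 443)] * 4 + [("10.0.0.8", 80)] * 4
SCAN = [("10.0.1.%d" % i, 445) for i in range(1, 9)]  # one port, eight distinct hosts

DETECTORS = train_detectors([features(w) for w in BENIGN])

if __name__ == "__main__":
    for name, w in [("unseen benign", UNSEEN_BENIGN), ("scan", SCAN)]:
        print(name, features(w), is_anomalous(features(w), DETECTORS))
```

Because the detector radius is smaller than the self radius, no training window can be flagged; only windows whose features lie away from the benign region match a detector.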
Human^machine Competitive Results
Detector                                                   TP rate (%)   FP rate (%)
Naïve RVNS [Classical Bio-inspired Detector]               53.5          7.9
Naïve DCA [Classical Bio-inspired Detector]                61.6          5.8
Rate Limiting [State-of-the-art Statistical Detector]      84.4          1.4
Maximum Entropy [State-of-the-art Statistical Detector]    83.1          4.2
i-RVNS [Immune inspired NIDS]                              94.9          0.2
i-DCA [Immune inspired NIDS]                               94.6          0.1
Engineered System
Patent pending
[Diagram: Network Protocol Stack (Client Machine). Each of the Application, Transport, Network and Datalink layers has the blocks Traffic, PBTS, PBSP (PBSP-App, PBSP-Trans, PBSP-Net, PBSP-DL), WBFC, Features (Features-App, Features-Trans, Features-Net, Features-DL), BCM and Decision Feedback]
Complete version will be ready in 1 year time; free download
Keys:
PBTS: Policy Based Traffic Sniffer
WBFC: Window Based Feature Computers
BCM: Binary Classifier Module
US$200,000 grant to develop the final product from the National ICT R&D fund, Government of Pakistan
Why the best? In a nutshell…
1. Hard problem in hard domain; impossible for a human to solve
2. Evolved system better than human developed, commercial antivirus software
3. Evolved system better than state-of-the-art statistical malware detectors
4. Hybrid of statistical-immune detectors; best of both worlds
5. Engineered product; open-source initiative
Publications
A Comparative Study of Fuzzy Inference Systems, Neural Networks and Adaptive Neuro Fuzzy Inference Systems for Portscan Detection
M. Zubair Shafiq, Muddassar Farooq and Syed Ali Khayam
In M. Giacobini et al. (Eds.), Proceedings of Applications of Evolutionary Computing, EvoWorkshops 2007 (EuroGP-EvoCoMnet), Volume 4974 of Lecture Notes in Computer Science, pp. 48–57, Springer Verlag, Napoli, Italy, March, 2008.
(BEST PAPER NOMINATION)
Improving the Accuracy of Immune-inspired Malware Detectors by using Intelligent Features
M. Zubair Shafiq, Syed Ali Khayam and Muddassar Farooq
In Genetic and Evolutionary Conference (GECCO), July, 2008, Atlanta, USA.