Download open in new window

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
Document related concepts

Cluster analysis wikipedia , lookup

Types of artificial neural networks wikipedia , lookup

Transcript 
Neural Technology and
Fuzzy Systems
in Network Security
Project Progress 2
Group 2:
Omar Ehtisham Anwar 2005-02-0129
Aneela Laeeq
2005-02-0023
Neural Techniques



IPS tools are based on static rules alone
Neural Techniques seek to classify all new
events and highlight those that appear
most threatening
Neural Techniques allow the security
expert to be the final arbiter
The Neural Security Layer

Fuzzy Clustering




Creates a baseline profile of the network in various states by “training”
itself
Establishes patterns and does not determine an exact profile of what a
user does
Uses algorithms that identify these patterns and separates clusters
accordingly
Kernel Classifier




Determines which existing cluster a new event most likely belongs to
Classifies events according to how far away they are from the norm
(any existing cluster)
Events farthest away bubble to the top where administrators take
manual action
Uses algorithms based on non-linear distribution laws, which use
statistics to track what happens over extended periods of time

Clusters


A set of XML files that become model filters or
knowledge base for the network resource
being monitored
The knowledge base is continually updated
based on:
Results of day-to-day activities
 Data from third-party sources, such as IDS
signatures

Six Steps to Producing Security Intelligence
1)
2)
3)
4)
5)
6)
Designate Data: Data can be system log entries or any other raw or
formatted measure of activity in the environment.
Model Analyst Expertise: Variables, weights, centers and pertinent even
knowledge comprise the analytic or data mining model are configured
based on the specific analysis requirements and the unique attributes of
the particular environment.
Train Model: Process of organizing the designated security data into
multi-dimensional “event vectors” within the context of the analytic
models. This establishes the baseline activity.
Generate Knowledge: Live or offline data is compared against the
contents of the training baseline and classified accordingly.
Teach Model: User-supervision and infusion of expert knowledge
essential to accurate event classification and system base-lining and to
filter out non-threatening anomalous activity.
Leverage Knowledge: System output is invaluable for the real-time or
offline analysis, detection and prevention of any type of potentially
internal and external criminal activity or system misuse.
Neural Security (NS) Tool





Monitors activity on Microsoft Internet Information
Server (IIS) Web servers
Preconfigured to monitor activity on a single IIS server
or an entire server farm
In training mode, examines IIS logs to determine normal
activity of the server and creates its clusters
Comes with a knowledge base of known IIS exploits
Unlike rule-based security systems, NS quickly adapts to
each unique installation and will continue to adapt as
more information is added to its knowledge base
Neural Security (NS) Tool

Training Mode



Organize IIS-specific data into clusters that reflect normal use
patterns (both trusted and untrusted) within the server
environment
Process or organizing clusters guided through the use of a builtin knowledge base of published attack signatures
Monitor Mode



Compare all incoming requests to IIS against the Training
Database to determine whether it falls within acceptable
distance of trusted activity
Within limits of trusted activity: Process Continues
Outside limits of trusted activity: Initiate whatever action has
been configured e.g. post an on-screen alert, block untrusted
connection or shut down IIS
Neural Security (NS) Tool

Maintenance





Proper classification of events is essential
Maintain as Security Alerts are displayed, or
Review Security Alert Log periodically
After re-classification of events, “Re-Train” database
NS remembers correct classification and
characteristics of events, which is then applicable to
the analysis of subsequent events
Related documents
Machine Learning syl..
Machine Learning syl..
Elements of Artificial Neural Networks
Elements of Artificial Neural Networks
Aspects regarding raw material stock management using neural
Aspects regarding raw material stock management using neural
Deep Learning for Images
Deep Learning for Images
NORA YOUNGS, Colby College Neural ideals and stimulus space
NORA YOUNGS, Colby College Neural ideals and stimulus space
Learning about Learning - by Directly Driving Networks of Neurons
Learning about Learning - by Directly Driving Networks of Neurons
Preface
Preface
Quiz 3
Quiz 3
DM2004_Week14
DM2004_Week14
Quiz Chapter 3 Brain Neural Communication Dr Myer How do
Quiz Chapter 3 Brain Neural Communication Dr Myer How do
7-9_BrainDev_ValaczkaiR
7-9_BrainDev_ValaczkaiR
Artificial Neural Network Quiz
Artificial Neural Network Quiz
chapter-1 introduction
chapter-1 introduction
Beating the Best
Beating the Best
New Part #2 of Artificial Intelligence
New Part #2 of Artificial Intelligence
Genetic Algorithms and Machine Learning
Genetic Algorithms and Machine Learning
Chapter 3 The Impact of Databases
Chapter 3 The Impact of Databases
Machine Learning
Machine Learning
Using Neural Networks in Database Mining by Tino Jimenez
Using Neural Networks in Database Mining by Tino Jimenez
Second S302 class session
Second S302 class session
Dysregulated Postsynaptic Density and Endocytic Zone in the
Dysregulated Postsynaptic Density and Endocytic Zone in the
Psychology of Music Learning
Psychology of Music Learning