Download The Utilization of A..

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
Document related concepts

Lateral computing wikipedia , lookup

Control system wikipedia , lookup

Transcript 
The Utilization of Artificial Intelligence
in a Hybrid Intrusion Detection System
Authors:Martin Botha, Rossouw von Solms, Kent Perry,
Edwin Loubser and George Yamoyany
Source :Proceedings of the 2002 Annual Research Conference of South African
Institute for Computer Scientists and Information Technologists (SAICSIT),
pp. 149-155, September 2002.
Speaker:Chien-Jen Hsueh
Date
:2005/12/06
Outline
 Introduction
 Intrusion Detection System (IDS)
 IDS & Overview of Current IDS
 Problems of IDS
 Fuzzy application
 Generic Hybrid Intrusion Identification Strategy
 Three independent computational components
 Next Generation Proactive Identification Model (NeGPAIM)
 Conclusions
 Comments
2
Introduction
 Computer security gains important
 Environment changes fast
 Information becomes a precious asset
 Increase security requirements
 ex: 2001 CSI/FBI Computer Crime & Security Survey
 Need more powerful security technology
 New techniques
 Neural network
 Fuzzy engine
3
Introduction
IDS
Fuzzy application
Conclusions
Comments
Intrusion Detection System
 IDS & Overview of Current IDS




A process of intelligently monitoring the events
Analysis signs of violation
Attempts to compromise security components
Consists of three functional components
 Information source: provider a stream of event records
 Analysis engine: finds signs of intrusions
 Response component: generates reactions based on the outcome
of the analysis engine
4
Introduction
IDS (1/3)
Fuzzy application
Conclusions
Comments
Problems of IDS_Analyses
 Two approaches of analysis engine
 Misuse detection
 Detects intrusions that follow well-known patterns of attack
 Primary limitation of this approach
 Looks only for known weakness
 May not be of much use in detecting unknown future intrusions
 Anomaly detection
 Using statistical techniques to find patterns that was abnormal
 Main problem of this approach
 Tend to be computationally expensive
 Trained incorrectly to recognize an intrusive behavior due to
insufficient data
Introduction
IDS (2/3)
Fuzzy application
Conclusions
Comments
5
IDS Problems
 Mostly current commercial IDS (CIDS) based on the
misuse detection approach
 Make highly ineffective
 Intruders do not match the known attack patterns of CIDS
 New attack patterns is time consuming
 Difficult to identify effectively by IDS due to insufficient data
6
Introduction
IDS (3/3)
Fuzzy application
Conclusions
Comments
Fuzzy Application
 Generic Hybrid Intrusion Identification Strategy
 Hybrid system idea can be used to improve the monitoring
functionality of current IDS
 Three independent computational components
 Central analysis engine
 Fuzzy engine
 Neural engine
7
Introduction
IDS
Fuzzy application (1/11)
Conclusions
Comments
Generic Hybrid
Intrusion Identification Strategy
Implement the misuse
detection approach
8
Introduction
IDS
Fuzzy application (2/11)
Conclusions
Comments
Fuzzy Engine and Fuzzy Logic
 Fuzzy Engine
 Implements the misuse detection approach based on fuzzy logic
 A superset of boolean logic
 Extended to handle the concept of partial truth
Completely
False
True values
Completely
True
 Provide a more effective monitoring functionality
 It will not require regular updates on new intrusion attacks
9
Introduction
IDS
Fuzzy application (3/11)
Conclusions
Comments
Fuzzy logic application
 Developing two graphs using fuzzy logic
 Compare generic intrusion phases and actions of an intruder
there by prediction patterns of misuse
 Template graph represent six generic intrusion phases
 User action graph represent the actual action of the intruder
 Mapping of graphs possible determine patterns of misuse
10
Introduction
IDS
Fuzzy application (4/11)
Conclusions
Comments
Template Graphs
• Template Graphs will use to represent the six generic intrusion phases
11
Introduction
IDS
Fuzzy application (5/11)
Conclusions
Comments
User Action Graph
• User action graph will represent the actual actions of the misuse
12
Introduction
IDS
Fuzzy application (6/11)
Conclusions
Comments
Mapping of Graphs
and the Functions
 The output is a numeric value
 Used by the central strategy engine to determine if a intruder is
carrying out an intrusion attack
13
Introduction
IDS
Fuzzy application (7/11)
Conclusions
Comments
Next Generation
Proactive Identification Model
 Next Generation Proactive Identification Model (NeGPAIM)
 Based on Hybrid Intrusion Identification Strategy
 Consists of nine major components





Information Provider, Collector
Coupler, Information Refiner
Neural Engine, Central Analysis Engine
Responder and Manager
Fuzzy Engine
 All components are resided on a 3-tier architecture
 Client, external host and internal host
14
Introduction
IDS
Fuzzy application (8/11)
Conclusions
Comments
Fuzzy Engine
 One of two low-level processing unit of NeGPAIM
 Used to determine whether a intruder’s intrusion attack
 Compute a template and user action graph for each user
 Map the two graphs
 Notify the central analysis engine with an intrusion value
 Performed on a continuous basis
15
Introduction
IDS
Fuzzy application (9/11)
Conclusions
Comments
General
Representation of NeGPAIM
16
Introduction
IDS
Fuzzy application (10/11)
Conclusions
Comments
Practical Implementation
of NeGPAIM
 Implementing Fuzzy Engine Prototype (IFEP)
 An initial prototype to test the feasibility of the model
 Only implemented the fuzzy engine
 Developed by employing CLIPS developing software
 Tested by way of several independent case studies
 IFEP was successful in performing misuse detection
17
Introduction
IDS
Fuzzy application (11/11)
Conclusions
Comments
Conclusions
 NeGPAIM provide stronger detection approach
 Monitor and identify intrusion proactively and dynamically
 Ex: A attacker has the objective of stealing credit card information
identify at an early stage and disconnect the attack session
 Fuzzy engine implements misuse detection
 Differs from current misuse detection system
 It does not search for particular pattern of attack
 Searches for general misuse of resources and objects
 Still need the information security officer
18
Introduction
IDS
Fuzzy application
Conclusions
Comments
Comments
 Fuzzy logic and engine may usefully use in
other security techniques
 Authentication, Key distribution…
 Combine with other AI concept
 Neural engine, Intelligence Agent…
 Fuzzy logic using in Digital Rights
Management
19
Introduction
IDS
Fuzzy application
Conclusions
Comments
Thank you for listening…
20
Fuzzy theory report by Chien-Jen Hsueh, December 2005
Related documents
M.Tech. IN ADVANCED INFORMATION TECHNOLOGY - INTELLIGENT SYSTEMS AND ROBOTICS (MTECHSR) Term-End Examination
M.Tech. IN ADVANCED INFORMATION TECHNOLOGY - INTELLIGENT SYSTEMS AND ROBOTICS (MTECHSR) Term-End Examination
Intrusion Detection using Genetic Programming
Intrusion Detection using Genetic Programming
Overview of Part II, CMSC5707 Advanced Topics in Artificial
Overview of Part II, CMSC5707 Advanced Topics in Artificial
Anomaly Detection Using GAs
Anomaly Detection Using GAs
customized Microsoft Word 2007 chapter abstract template
customized Microsoft Word 2007 chapter abstract template
Tutorial Details
Tutorial Details
3Jain-Agarwal
3Jain-Agarwal
Document
Document
Some Applications of Fuzzy Logic in Data Mining and Information
Some Applications of Fuzzy Logic in Data Mining and Information
Bölüm
Bölüm
CS607_Current_Subjective
CS607_Current_Subjective
Intrusion Detection Technique by using K
Intrusion Detection Technique by using K