Intrusion Detection System with Artificial Intelligence
Mario Castro Ponce

Universidad Pontificia Comillas de Madrid
FIST Conference - June 2004 edition
Sponsored by: MLP Private Finance

IDS with AI marioc@dsi.icai.upco.es                    FIST Conference - june 2004 edition– 1/28
Aim of the talk
1.      Showing you a different approach to Intrusion
        Detection based on Artificial Intelligence
2.      Contacting experts in the field to exchange ideas and
        maybe create a (pioneer!!!!) working group

Sketch of the talk
   What is an IDS?
   Architecture of a Vulnerability Detector
   Why use A.I.?
   Neurons and other animals
   Neural-IDS
   Fuzzy-Correlator
   Conclusions

What is an IDS?
  Any hardware, software, or combination thereof that
monitors a system or network of systems for malicious activity

      Main functions
          Dissuade
          Prevent
          Document
      Two kinds of IDS
          Host based
          Network based

Architecture of a Vulnerability Detector
     Example: OSSIM
     [Figure: OSSIM architecture diagram]

Why use AI?
   The system manager's nightmare: the false positives.
   Then? A.I. for three main reasons
      Flexibility (vs threshold definition)
      Adaptability (vs specific rules)
      Pattern recognition (and detection of new patterns)
   Moreover
      Fast computing (faster than humans, actually)
      Learning abilities.

Neurons and other animals
    AI TOOLS
        Neural Networks
        Fuzzy Logic
        Other...

Artificial Neural networks
      Change of paradigm in computing science:
      Many dummy processors with a simple task to do against one
      (or few) powerful versatile processors

Neurons and artificial neurons
    [Figure: neuron and artificial neuron]

Main types of ANN
    Multilayer perceptrons
        [Figure: multilayer perceptron with INPUT LAYER, HIDDEN LAYER and OUTPUT LAYER]
    Self-organized maps
    Radial basis neural networks
    Other

Neural IDS
    Designed for DoS and port scan attacks
    IDS based on a multilayer perceptron
    Designing the tool
        Analysis → Quantification → Topology → Learning & validation (with feed-back to the earlier stages)

First scenario: Port scan
    Pouring rain analogy
    [Figure: packets from the same source @IP falling on PORT NUMBERS 21, 22, 23, 25, 80]

Second scenario: Denial of Service
    Pouring rain analogy
    [Figure: packets from the same source @IP falling on PORT NUMBERS 21, 22, 23, 25, 80]

Measures
    Visually the difference between them is clear. . . but
    quantitatively?
        Measures borrowed from Physics

            Statistical Mechanics
                Order = Low Entropy        Disorder = High Entropy
                [Figure: ordered vs. disordered arrangement]

            Solid State Physics (electronics)
                [Figure: ATOMS arranged as an INSULATOR; ATOMS arranged as a CONDUCTOR]

            Applied to the traffic figures (packets from the same source @IP over PORT NUMBERS 21, 22, 23, 25, 80):
                Disorder = High Entropy ↔ CONDUCTOR
                Order = Low Entropy ↔ INSULATOR

        Traffic parameters
            Packets per second
            Fraction of total packets to a port
            Inverse of the total number of packets
        All measures are evaluated within a time window.
        Parallel time windows: e.g., 15 sec, 30 sec, 5
        minutes, 30 minutes

Topology
    [Figure: multilayer perceptron]
    Inputs:
        ENTROPY
        IPR
        PACKETS/SEC
        FRACTION OF PACKETS
        1/PACKETS
    Outputs:
        PORT SCAN
        DENIAL OF SERVICE
        NONE

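The measures of the previous slides (entropy of the destination ports, packets per second, fraction of packets to a port, inverse of the packet count) computed over the parallel time windows, as an added example that is not code from the talk: the packet list is constructed, the tuple layout is assumed, "fraction to a port" is taken as the share of the busiest port, and the IPR input of the topology is left out because the slides do not define it.

```python
import math
from collections import Counter

# Constructed sample traffic (not from the talk): (timestamp in seconds, source IP, destination port).
# 10.0.0.1 touches one port after another, the "pouring rain" spread of a port scan;
# 10.0.0.2 sends every packet to port 80, the concentrated stream of a flood.
SAMPLE_PACKETS = (
    [(i * 0.5, "10.0.0.1", port) for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443])]
    + [(i * 0.05, "10.0.0.2", 80) for i in range(200)]
)

# Parallel windows from the slide: 15 s, 30 s, 5 min, 30 min.
WINDOWS = (15, 30, 300, 1800)


def port_entropy(port_counts):
    """Shannon entropy (bits) of the destination-port distribution.
    Packets spread over many ports -> high entropy (disorder, "conductor");
    packets all on one port -> zero entropy (order, "insulator")."""
    total = sum(port_counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in port_counts.values())


def window_features(packets, src_ip, window_end, window_len):
    """The slide's measures for one source IP inside [window_end - window_len, window_end).
    Returns None when the source sent nothing in the window."""
    start = window_end - window_len
    ports = Counter(port for t, ip, port in packets
                    if ip == src_ip and start <= t < window_end)
    n = sum(ports.values())
    if n == 0:
        return None
    return {
        "entropy": port_entropy(ports),
        "packets_per_sec": n / window_len,
        # "Fraction of total packets to a port": taken here as the share of the busiest port (assumption).
        "fraction_to_port": max(ports.values()) / n,
        "inverse_packets": 1.0 / n,
    }


def feature_vectors(packets, src_ip, now, windows=WINDOWS):
    """One feature dict per parallel window, all ending at `now`; these are the
    values a perceptron with the slide's topology would be fed (IPR excluded)."""
    return {w: window_features(packets, src_ip, now, w) for w in windows}
```

With the constructed traffic the scanning source scores entropy 3.0 bits and the flooding source 0.0 bits in the 15 s window, which is the quantitative version of the two rain pictures.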
Learning and testing

TYPE OF ATTACK        LEARNING PATTERNS    RATE OF SUCCESS
SEQUENTIAL SCAN              20                 100 %
SEQUENTIAL SCAN              50                 100 %
RANDOM SCAN                  20                 100 %
RANDOM SCAN                  50                 100 %
DoS                          20                  70 %
DoS                          50                  80 %
ALL                          20                  60 %
ALL                          50                  65 %

      Best choice: Specialized neural detectors

Fuzzy Logic
    Imitates human perception: Approximate reasoning
    Example: Air cooler
       Classical rules:
       IF Temperature > 25 THEN Switch-on
       IF Temperature < 21 THEN Switch-off
       ...
       Fuzzy rules:
       IF Temperature is high THEN Switch-on
       IF Temperature is too low THEN Switch-off
       ...
       More sophisticated fuzzy rules:
       IF Temperature is moderate AND my wife is very pregnant THEN Switch-on
       ...

Term sets and grade of membership
    Thresholds
        More than 3000 packets/sec ⇒ Possible DoS
        More than 5000 packets/sec ⇒ DoS!
    Term sets:
        [Figure: grade of membership (0 to 1) of the term "low" plotted against VOLUME OF TRAFFIC (axis ticks 0, 1000, 2000), shown beside the two thresholds above]

Fuzzy correlator: Preliminary work
    Aim of the research:

    Use the flexibility and human language features of Fuzzy
    Logic and include them in the OSSIM Correlation Engine

    Status: Preliminary definitions and procedures.

More on term sets
    Input variable: Volume of traffic
        Terms: very low, low, normal, high, very high
        [Figure: membership functions (grade 0 to 1) over the axis 0, 1000, 2000, 3000, 4000, 5000]

More on term sets (II)
    Input variable: Number of visited ports
        Terms: very low, low, normal, high, very high
        [Figure: membership functions (grade 0 to 1) over the axis 0, 2, 4, 6, 8, 10]

More on term sets (III)
    Output variable: DoS Attack?
        Terms: improbable, maybe, almost sure
        [Figure: membership functions (grade 0 to 1) over the axis 0, 0.5, 1]

    Rules (example):

        IF traffic is high AND number of destination ports is low THEN DoS

    Evaluating rules gives the required answer
    ’DoS Attack?’: almost sure

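The three term sets and the example rule worked through as a small fuzzy inference step, added here and not code from the talk or from OSSIM: the slides give only the linguistic labels and the axis ticks, so the trapezoidal shapes, the output centres, the min/max operators and every rule except the first are assumptions chosen to cover the whole input space.

```python
import math

INF = math.inf


def trap(x, a, b, c, d):
    """Trapezoidal membership: 0 below a, rising over a..b, 1 on b..c, falling over c..d.
    a == b == -inf gives a left shoulder, c == d == inf a right shoulder."""
    if x < a:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    if x <= c:
        return 1.0
    if x < d:
        return (d - x) / (d - c)
    return 0.0


# Assumed shapes: each term peaks midway between two consecutive axis ticks of the
# slide and overlaps its neighbours; the outermost terms are shoulders.
TRAFFIC_TERMS = {          # volume of traffic, packets/sec, axis 0 .. 5000
    "very low":  (-INF, -INF, 500, 1500),
    "low":       (500, 1500, 1500, 2500),
    "normal":    (1500, 2500, 2500, 3500),
    "high":      (2500, 3500, 3500, 4500),
    "very high": (3500, 4500, INF, INF),
}
PORT_TERMS = {             # number of visited ports, axis 0 .. 10
    "very low":  (-INF, -INF, 1, 3),
    "low":       (1, 3, 3, 5),
    "normal":    (3, 5, 5, 7),
    "high":      (5, 7, 7, 9),
    "very high": (7, 9, INF, INF),
}
DOS_TERMS = {              # output "DoS Attack?", axis 0 .. 1
    "improbable":  (-INF, -INF, 0.0, 0.5),
    "maybe":       (0.0, 0.5, 0.5, 1.0),
    "almost sure": (0.5, 1.0, INF, INF),
}
DOS_CENTRES = {"improbable": 0.0, "maybe": 0.5, "almost sure": 1.0}
INPUT_TERMS = {"traffic": TRAFFIC_TERMS, "ports": PORT_TERMS}

# Rule base: the first rule is the one on the slide, the rest are assumed so that
# some rule fires for every input (a flood hits few ports; a scan spreads over many).
RULES = [
    ({"traffic": "high", "ports": "low"},       "almost sure"),
    ({"traffic": "high", "ports": "very low"},  "almost sure"),
    ({"traffic": "very high"},                  "almost sure"),
    ({"traffic": "high", "ports": "normal"},    "maybe"),
    ({"traffic": "high", "ports": "high"},      "maybe"),
    ({"traffic": "high", "ports": "very high"}, "maybe"),
    ({"traffic": "normal"},                     "maybe"),
    ({"traffic": "low"},                        "improbable"),
    ({"traffic": "very low"},                   "improbable"),
]


def fuzzify(variable, x):
    """Grade of membership of crisp value x in every term of the input variable."""
    return {term: trap(x, *shape) for term, shape in INPUT_TERMS[variable].items()}


def evaluate(traffic_pps, visited_ports):
    """Mamdani-style evaluation: AND = min, rules with the same consequent combined
    with max, defuzzified as the strength-weighted mean of the output centres.
    Returns (crisp value in 0..1, linguistic label of the output term set)."""
    memberships = {"traffic": fuzzify("traffic", traffic_pps),
                   "ports": fuzzify("ports", visited_ports)}
    strength = {term: 0.0 for term in DOS_CENTRES}
    for antecedent, consequent in RULES:
        firing = min(memberships[var][term] for var, term in antecedent.items())
        strength[consequent] = max(strength[consequent], firing)
    total = sum(strength.values())
    if total == 0.0:
        return 0.0, "improbable"      # no rule fired; cannot happen with this base
    crisp = sum(strength[t] * DOS_CENTRES[t] for t in strength) / total
    label = max(DOS_TERMS, key=lambda t: trap(crisp, *DOS_TERMS[t]))
    return crisp, label
```

Feeding 3500 packets/sec on 3 ports fires only the slide's rule and yields "almost sure"; 3200 packets/sec sits on the overlap of "normal" and "high", so both a "maybe" and an "almost sure" rule fire partially and the crisp answer lands at 0.85 rather than jumping across a threshold.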
OSSIM Correlation Engine
    Characteristics
       Depends strongly on timers
       All the variants of an attack must be coded
       Cannot detect new attacks
       Complex syntax

Sample scenario: NETBIOS DCERPC ISystemActivator

  IF destination_ports = 135,445 THEN Generate Alarm with Reliability 1 and wait 60 seconds for next rule (TIME_OUT)
  AND IF DEST_IP and SRC_IP talk again THEN Alarm, Reliability 3 and wait 60 seconds for next rule (TIME_OUT)
  AND IF DEST_PORT and SRC_PORT talk again AND plugin_sid=2123 (CMD.EXE) THEN Alarm, Reliability 6 and wait 60 seconds for next rule (TIME_OUT)
  AND FINALLY IF plugin_id=2002 and connection lasts more than 10 THEN Alarm with Reliability 10 (TIME_OUT)

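The four-step directive above run as a small timer-driven correlator over constructed events, added as an example of the "depends strongly on timers" characteristic; this is not OSSIM's own engine. The event field names, the per-pair state record and the way a 60-second expiry abandons the sequence are assumptions, and the step-4 duration is compared as the bare number the slide gives.

```python
from dataclasses import dataclass

# Assumed event layout (constructed for this example, not OSSIM's schema).
@dataclass
class Event:
    t: float              # seconds
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    plugin_id: int = 0
    plugin_sid: int = 0
    duration: float = 0.0  # connection length; the slide gives no unit, compared as-is


@dataclass
class Directive:
    """State of one in-progress directive for a (src_ip, dst_ip) pair."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    step: int
    deadline: float       # "wait 60 seconds for next rule"
    reliability: int


TIMEOUT = 60.0


class Correlator:
    def __init__(self):
        self.active = {}   # (src_ip, dst_ip) -> Directive
        self.alarms = []   # (time, src_ip, dst_ip, reliability)

    def _alarm(self, ev, d, reliability):
        d.reliability = reliability
        self.alarms.append((ev.t, ev.src_ip, ev.dst_ip, reliability))

    def feed(self, ev):
        key = (ev.src_ip, ev.dst_ip)
        d = self.active.get(key)
        if d is not None and ev.t > d.deadline:
            del self.active[key]           # TIME_OUT: the sequence is abandoned
            d = None
        if d is None:
            if ev.dst_port in (135, 445):  # step 1: Reliability 1
                d = Directive(ev.src_ip, ev.dst_ip, ev.src_port, ev.dst_port,
                              1, ev.t + TIMEOUT, 0)
                self.active[key] = d
                self._alarm(ev, d, 1)
            return
        if d.step == 1:                    # step 2: the pair talks again, Reliability 3
            d.step, d.deadline = 2, ev.t + TIMEOUT
            self._alarm(ev, d, 3)
        elif (d.step == 2 and ev.src_port == d.src_port
              and ev.dst_port == d.dst_port and ev.plugin_sid == 2123):
            d.step, d.deadline = 3, ev.t + TIMEOUT   # step 3: CMD.EXE, Reliability 6
            self._alarm(ev, d, 6)
        elif d.step == 3 and ev.plugin_id == 2002 and ev.duration > 10:
            self._alarm(ev, d, 10)         # step 4: Reliability 10, directive complete
            del self.active[key]


def run(events):
    """Feed events in time order; return the reliabilities of the alarms raised."""
    c = Correlator()
    for ev in events:
        c.feed(ev)
    return [rel for _, _, _, rel in c.alarms]


# Constructed events: one pair walks the whole directive, another times out after step 1.
SAMPLE_EVENTS = [
    Event(0, "10.0.0.5", "10.0.0.9", 4001, 135),
    Event(1, "10.0.0.6", "10.0.0.9", 4002, 445),
    Event(10, "10.0.0.5", "10.0.0.9", 4001, 135),
    Event(20, "10.0.0.5", "10.0.0.9", 4001, 135, plugin_sid=2123),
    Event(25, "10.0.0.5", "10.0.0.9", 4001, 135, plugin_id=2002, duration=30),
    Event(100, "10.0.0.6", "10.0.0.9", 4002, 80),    # more than 60 s later: sequence dropped
    Event(101, "10.0.0.6", "10.0.0.9", 4003, 445),   # has to start over at Reliability 1
]
```

The second pair shows the cost of the timer dependency: an attacker pausing longer than the time-out between steps is never correlated past reliability 1, which is the limitation the fuzzy correlator sets out to remove.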
Fuzzy Correlator revisited: Objectives
     Going beyond the sequential arrival of packets
     Integrating different sensors:
         SNORT
         Anomaly detection:
             Abnormal connection to an open port (firewall)
             Thresholds
             High traffic at nights or weekends, . . .
         Neural-IDS
         Other
     Defining rules according to Security Manager’s
     experience

Conclusions and open questions
    AI techniques are
         Flexible
         Suitable for pattern recognition
         Powerful (Neural-IDS)
         Easy to design (human language)
    But there is still a lot of work to do. . .
        We need more time
        We need more people
           Students
           Security experts (working group?)
        And of course. . . some money to pay for it

And that’s all folks. . .

 
8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)
 
CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)
CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)
CFP: 8th International Conference on Signal and Image Processing (SIPRO 2022)
 
8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)8th International Conference on Cybernetics & Informatics (CYBI 2021)
8th International Conference on Cybernetics & Informatics (CYBI 2021)
 
3rd International Conference on Advances in Artificial Intelligence Techniqu...
 3rd International Conference on Advances in Artificial Intelligence Techniqu... 3rd International Conference on Advances in Artificial Intelligence Techniqu...
3rd International Conference on Advances in Artificial Intelligence Techniqu...
 
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
 
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)8 th International Conference on Cybernetics & Informatics (CYBI 2021)
8 th International Conference on Cybernetics & Informatics (CYBI 2021)
 
11th International Conference on Soft Computing, Artificial Intelligence and...
 11th International Conference on Soft Computing, Artificial Intelligence and... 11th International Conference on Soft Computing, Artificial Intelligence and...
11th International Conference on Soft Computing, Artificial Intelligence and...
 
Call for Papers - 8th International Conference on Signal and Image Processing...
Call for Papers - 8th International Conference on Signal and Image Processing...Call for Papers - 8th International Conference on Signal and Image Processing...
Call for Papers - 8th International Conference on Signal and Image Processing...
 
8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)
 
Call For Papers - 10th International Conference on Soft Computing, Artificial...
Call For Papers - 10th International Conference on Soft Computing, Artificial...Call For Papers - 10th International Conference on Soft Computing, Artificial...
Call For Papers - 10th International Conference on Soft Computing, Artificial...
 
8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)8 th International Conference on Signal and Image Processing (SIPRO 2022)
8 th International Conference on Signal and Image Processing (SIPRO 2022)
 
6th International Conference on Image Processing and Pattern Recognition (IPP...
6th International Conference on Image Processing and Pattern Recognition (IPP...6th International Conference on Image Processing and Pattern Recognition (IPP...
6th International Conference on Image Processing and Pattern Recognition (IPP...
 
5th International Conference on Signal and Image Processing (SIGI 2019)
5th International Conference on Signal and Image Processing (SIGI 2019) 5th International Conference on Signal and Image Processing (SIGI 2019)
5th International Conference on Signal and Image Processing (SIGI 2019)
 
11th International Conference on Soft Computing, Artificial Intelligence and ...
11th International Conference on Soft Computing, Artificial Intelligence and ...11th International Conference on Soft Computing, Artificial Intelligence and ...
11th International Conference on Soft Computing, Artificial Intelligence and ...
 

Mehr von Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

Mehr von Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 

Kürzlich hochgeladen

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 

Kürzlich hochgeladen (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 

IDS with Artificial Intelligence

  • 1. Intrusion Detection System with Artificial Intelligence. Mario Castro Ponce, Universidad Pontificia Comillas de Madrid. FIST Conference - June 2004 edition. Sponsored by: MLP Private Finance. IDS with AI marioc@dsi.icai.upco.es FIST Conference - june 2004 edition– 1/28
  • 2. Aim of the talk. 1. Showing you a different approach to Intrusion Detection based on Artificial Intelligence. 2. Contacting experts in the field to exchange ideas and maybe create a (pioneering!) working group.
  • 3. Sketch of the talk. What is an IDS? Architecture of a Vulnerability Detector. Why use A.I.? Neurons and other animals. Neural-IDS. Fuzzy-Correlator. Conclusions.
  • 4. What is an IDS? Any hardware, software, or combination thereof that monitors a system or network of systems for malicious activity. Main functions: dissuade, prevent, document. Two kinds of IDS: host based and network based.
  • 7. Architecture of a Vulnerability Detector. Example: OSSIM (architecture diagram on the slide).
  • 8. Why use AI? The system manager's nightmare: false positives. Then? A.I. for three main reasons: flexibility (vs. threshold definition), adaptability (vs. specific rules), pattern recognition (and detection of new patterns). Moreover: fast computing (faster than humans, actually) and learning abilities.
  • 11. Neurons and other animals. AI tools: Neural Networks, Fuzzy Logic, other...
  • 12. Artificial Neural Networks. Change of paradigm in computing science: many simple processors, each with a simple task to do, against one (or a few) powerful versatile processors.
  • 13. Neurons and artificial neurons (figure only).
  • 14. Main types of ANN: multilayer perceptrons (input layer, hidden layer, output layer), self-organizing maps, radial basis function networks, other.
  • 15. Neural IDS. Designed for DoS and port scan attacks; IDS based on a multilayer perceptron. Designing the tool: analysis, quantification, topology, learning & validation, with feedback from validation to the earlier stages.
  • 17. First scenario: Port scan. Pouring rain analogy: packets from the same source @IP spread over many port numbers (figure: packets falling on ports 21, 22, 23, 25, 80, ...).
  • 18. Second scenario: Denial of Service. Pouring rain analogy: packets from the same source @IP concentrated on a single port (figure: same port axis 21, 22, 23, 25, 80).
  • 19. Measures. Visually the difference between them is clear... but quantitatively? Measures borrowed from Physics:
      Statistical Mechanics: order = low entropy, disorder = high entropy.
      Solid State Physics (electronics): atoms in an insulator vs. atoms in a conductor (figure).
      Applied to the two scenarios: a port scan, with packets from the same source @IP spread over the port numbers, is disorder = high entropy, the "conductor" case; a DoS, with packets from the same source @IP concentrated on one port, is order = low entropy, the "insulator" case.
    Traffic parameters: packets per second; fraction of total packets to a port; inverse of the total number of packets.
    All measures are evaluated within a time window. Parallel time windows: e.g., 15 sec, 30 sec, 5 minutes, 30 minutes.
  • 27. Topology (figure). Inputs of the perceptron: entropy, IPR, packets/sec, fraction of packets, 1/packets. Outputs: port scan, denial of service, none.
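The five inputs above, computed over the slide's parallel time windows, as an added example (this is not code from the talk). It assumes that IPR is the inverse participation ratio of the insulator/conductor analogy, and runs on two constructed traces: a slow port scan (one new port every 10 s) and a DoS flood (400 packets to port 80 in 4 s). The slow scan is why the parallel windows matter: in the 15 s window it looks like two ordinary packets, while the 5 min window exposes the spread over 30 ports.

```python
from collections import Counter
from math import log2

# Parallel time windows from the slide: 15 s, 30 s, 5 min, 30 min.
WINDOWS = (15, 30, 300, 1800)

# Constructed sample traffic, one (timestamp_s, src_ip, dst_port) tuple per packet.
# SLOW_SCAN: one source probes a new port every 10 s (40 ports over 400 s).
# DOS: one source sends 400 packets to port 80 within 4 s.
SLOW_SCAN = [(10.0 * i, "10.0.0.5", 20 + i) for i in range(40)]
DOS = [(0.01 * i, "10.0.0.9", 80) for i in range(400)]


def in_window(packets, t0, width):
    """Packets of one source whose timestamp lies in [t0, t0 + width)."""
    return [p for p in packets if t0 <= p[0] < t0 + width]


def features(packets, width):
    """The five perceptron inputs of the Topology slide for one source and one window.

    entropy      Shannon entropy (bits) of the destination-port distribution:
                 0 when every packet hits one port (DoS), log2(k) when k ports
                 are hit equally often (scan).
    ipr          inverse participation ratio, the sum of squared port fractions
                 (assumed reading of the slide's IPR): 1 when everything sits on
                 one port (the "insulator"), about 1/k when spread over k ports
                 (the "conductor").
    pps          packets per second in the window.
    frac_port    fraction of the packets going to the busiest port.
    inv_packets  1 / total packets in the window.
    """
    n = len(packets)
    if n == 0:
        return {"entropy": 0.0, "ipr": 0.0, "pps": 0.0, "frac_port": 0.0, "inv_packets": 0.0}
    counts = Counter(dst_port for _, _, dst_port in packets)
    probs = [c / n for c in counts.values()]
    return {
        "entropy": -sum(p * log2(p) for p in probs),
        "ipr": sum(p * p for p in probs),
        "pps": n / width,
        "frac_port": max(probs),
        "inv_packets": 1.0 / n,
    }


def feature_vector(packets, t0, windows=WINDOWS):
    """Evaluate the measures in every parallel window starting at t0."""
    return {w: features(in_window(packets, t0, w), w) for w in windows}


if __name__ == "__main__":
    for name, trace in (("slow scan", SLOW_SCAN), ("DoS", DOS)):
        print(name)
        for w, f in feature_vector(trace, 0.0).items():
            print(f"  {w:5d} s  entropy={f['entropy']:.2f}  ipr={f['ipr']:.3f}  "
                  f"pps={f['pps']:.2f}  frac_port={f['frac_port']:.2f}  1/n={f['inv_packets']:.4f}")
```

The vectors for all four windows would be concatenated and fed to the perceptron; with a single short window the slow scan and ordinary traffic are indistinguishable, which is the case the 5 and 30 minute windows exist for.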
  • 28. Learning and testing
      Type of attack     Learning patterns   Rate of success
      Sequential scan    20                  100 %
      Sequential scan    50                  100 %
      Random scan        20                  100 %
      Random scan        50                  100 %
      DoS                20                   70 %
      DoS                50                   80 %
      All                20                   60 %
      All                50                   65 %
    Best choice: specialized neural detectors, since the single network trained on all attack types scores lowest.
  • 30. Fuzzy Logic. Imitates human perception: approximate reasoning. Example: air cooler. Classical rules: IF Temperature > 25 THEN Switch-on; IF Temperature < 21 THEN Switch-off; ... Fuzzy rules: IF Temperature is high THEN Switch-on; IF Temperature is too low THEN Switch-off; ... More sophisticated fuzzy rules: IF Temperature is moderate AND my wife is very pregnant THEN Switch-on; ...
  • 34. Term sets and grade of membership. Thresholds: more than 3000 packets/sec ⇒ possible DoS; more than 5000 packets/sec ⇒ DoS! (figure: grade of membership, from 0 to 1, of the term "low" against volume of traffic, axis 0, 1000, 2000, ...)
  • 36. Fuzzy correlator: preliminary work. Aim of the research: use the flexibility and human-language features of Fuzzy Logic and include them in the OSSIM Correlation Engine. Status: preliminary definitions and procedures.
  • 38. More on term sets. Input variable: volume of traffic. Terms: very low, low, normal, high, very high; grade of membership from 0 to 1 over 0 to 5000 packets/sec (axis ticks 0, 1000, 2000, 3000, 4000, 5000).
  • 39. More on term sets (II). Input variable: number of visited ports. Terms: very low, low, normal, high, very high; grade of membership from 0 to 1 over 0 to 10 ports (axis ticks 0, 2, 4, 6, 8, 10).
  • 40. More on term sets (III). Output variable: DoS Attack? Terms: improbable, maybe, almost sure; grade of membership from 0 to 1 over 0 to 1 (axis ticks 0, 0.5, 1). Rules (example): IF traffic is high AND number of destination ports is low THEN DoS. Evaluating the rules gives the required answer to "DoS Attack?": almost sure.
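A small Mamdani-style fuzzy inference engine for the three term sets and the rule above, added here as an example; it is not the talk's fuzzy correlator. The slides give only the labels, the axis ranges and one rule, so the triangular, evenly spaced term sets, the rules other than the slide's own "high traffic AND low ports ⇒ almost sure", and centroid defuzzification are assumptions made for this example.

```python
# Mamdani-style fuzzy inference for the "DoS Attack?" decision of the slides.

TERMS5 = ("very low", "low", "normal", "high", "very high")
TERMS3 = ("improbable", "maybe", "almost sure")


def make_terms(lo, hi, labels):
    """Triangular term sets with evenly spaced peaks over [lo, hi]; the first and
    last terms are shoulders (membership 1 beyond their peak).  The shapes are an
    assumption: the slides show the labels and axes, not the exact functions."""
    step = (hi - lo) / (len(labels) - 1)
    terms = {}
    for i, name in enumerate(labels):
        peak = lo + i * step
        first, last = i == 0, i == len(labels) - 1

        def mu(x, peak=peak, first=first, last=last):
            if (first and x <= peak) or (last and x >= peak):
                return 1.0
            return max(0.0, 1.0 - abs(x - peak) / step)

        terms[name] = mu
    return terms


TRAFFIC = make_terms(0, 5000, TERMS5)   # volume of traffic, packets/sec (slide 38)
PORTS = make_terms(0, 10, TERMS5)       # number of visited ports (slide 39)
DOS = make_terms(0.0, 1.0, TERMS3)      # output variable "DoS Attack?" (slide 40)

# Rule base.  The first rule is the slide's; the others are assumed here to show
# what the rest of a base looks like (a flood hits few ports at a high rate).
RULES = [
    ({"traffic": "high", "ports": "low"}, "almost sure"),
    ({"traffic": "very high", "ports": "very low"}, "almost sure"),
    ({"traffic": "high", "ports": "normal"}, "maybe"),
    ({"traffic": "normal"}, "improbable"),
    ({"traffic": "low"}, "improbable"),
    ({"traffic": "very low"}, "improbable"),
]

GRID = [k / 200 for k in range(201)]    # discretisation of the output universe [0, 1]


def infer(traffic, ports):
    """Return (crisp score in [0, 1], linguistic label) for one observation."""
    inputs = {"traffic": (TRAFFIC, traffic), "ports": (PORTS, ports)}
    aggregate = [0.0] * len(GRID)
    for antecedent, consequent in RULES:
        # AND = min over the antecedent memberships (firing strength of the rule)
        firing = min(inputs[v][0][t](inputs[v][1]) for v, t in antecedent.items())
        if firing == 0.0:
            continue
        mu_out = DOS[consequent]
        # implication = clip the consequent at the firing strength; OR across rules = max
        for k, y in enumerate(GRID):
            aggregate[k] = max(aggregate[k], min(firing, mu_out(y)))
    area = sum(aggregate)
    if area == 0.0:
        return 0.0, "no rule fired"
    score = sum(y * m for y, m in zip(GRID, aggregate)) / area   # centroid defuzzification
    label = max(TERMS3, key=lambda name: DOS[name](score))
    return score, label


if __name__ == "__main__":
    for traffic, ports in ((4000, 2), (2500, 5), (0, 0)):
        score, label = infer(traffic, ports)
        print(f"{traffic:5d} pkt/s, {ports:2d} ports -> DoS? {score:.2f} ({label})")
```

For 4000 packets/sec to 2 ports the memberships "high" and "low" are both 0.8, the slide's rule fires at 0.8, and the centroid lands near 0.83, which the output term set reads as "almost sure"; no threshold at 3000 or 5000 has to be chosen, the boundary is carried by the overlap of the term sets.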
• 41. OSSIM Correlation Engine
      Characteristics
          Depends strongly on timers
          All the variants of an attack must be coded
          Cannot detect new attacks
          Complex syntax
• 42. Sample scenario: NETBIOS DCERPC ISystemActivator
      IF destination_ports = 135,445 THEN Generate Alarm with Reliability 1 and wait 60 seconds for next rule (TIME_OUT)
      AND IF DEST_IP and SRC_IP talk again THEN Alarm, Reliability 3 and wait 60 seconds for next rule (TIME_OUT)
      AND IF DEST_PORT and SRC_PORT talk again AND plugin_sid=2123 (CMD.EXE) THEN Alarm, Reliability 6 and wait 60 seconds for next rule (TIME_OUT)
      AND FINALLY IF plugin_id=2002 and connection lasts more than 10 THEN Alarm with Reliability 10
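The directive above is a sequence of stages, each raising the reliability and arming a 60-second timer for the next one. As an added example (not OSSIM's own engine, whose directive syntax is not reproduced here), the following replays a constructed event stream through that sequence: a chain per (source, destination) pair advances one stage per matching event, emits an alarm with the stage's reliability, and is dropped when the timer expires before the next stage matches. The event fields, the stage predicates and the sample timeline are constructed for the example; the port numbers, plugin ids and reliabilities are the ones on the slide.

```python
"""Added example: replaying a staged correlation directive with timeouts."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Event:
    t: float            # seconds on a constructed timeline
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    plugin_id: int = 0  # sensor that reported the event
    plugin_sid: int = 0 # signature id within that sensor
    duration: float = 0.0  # connection length in seconds, when the sensor reports one


@dataclass
class Stage:
    name: str
    matches: Callable[[Event, Event], bool]  # (new event, previous event of the chain)
    reliability: int
    timeout: Optional[float]  # seconds allowed until the next stage; None = final stage


# The four stages of the slide's directive (predicates are our reading of the text).
DIRECTIVE: List[Stage] = [
    Stage("port 135/445 contacted", lambda e, p: e.dst_port in (135, 445), 1, 60),
    Stage("same hosts talk again",
          lambda e, p: e.src_ip == p.src_ip and e.dst_ip == p.dst_ip, 3, 60),
    Stage("same ports talk again, CMD.EXE seen (plugin_sid 2123)",
          lambda e, p: e.src_port == p.src_port and e.dst_port == p.dst_port
          and e.plugin_sid == 2123, 6, 60),
    Stage("plugin_id 2002, connection longer than 10 s",
          lambda e, p: e.plugin_id == 2002 and e.duration > 10, 10, None),
]


@dataclass
class Chain:
    stage: int       # index of the next stage to satisfy
    last: Event      # last event that advanced the chain
    deadline: Optional[float]


def correlate(events: List[Event], directive: List[Stage] = DIRECTIVE) -> List[Tuple[float, str, int]]:
    """Replay events in time order and return (time, stage name, reliability) alarms."""
    chains: Dict[Tuple[str, str], Chain] = {}
    alarms: List[Tuple[float, str, int]] = []
    for e in sorted(events, key=lambda x: x.t):  # stable: equal times keep input order
        key = (e.src_ip, e.dst_ip)
        chain = chains.get(key)
        if chain is not None and chain.deadline is not None and e.t > chain.deadline:
            del chains[key]  # TIME_OUT: the sequence was not completed in time
            chain = None
        if chain is None:
            first = directive[0]
            if first.matches(e, e):  # a new chain starts from the first stage
                alarms.append((e.t, first.name, first.reliability))
                chains[key] = Chain(1, e, e.t + first.timeout if first.timeout else None)
            continue
        stage = directive[chain.stage]
        if stage.matches(e, chain.last):
            alarms.append((e.t, stage.name, stage.reliability))
            chain.last = e
            chain.stage += 1
            if stage.timeout is None or chain.stage == len(directive):
                del chains[key]  # final stage reached
            else:
                chain.deadline = e.t + stage.timeout
    return alarms


# Constructed sample: host A completes the whole sequence; host C only reaches
# stage 1 and its second contact arrives after the 60 s timer, so it restarts.
SAMPLE_EVENTS = [
    Event(0, "10.0.0.5", "10.0.0.9", 40001, 135),
    Event(0, "10.0.0.7", "10.0.0.9", 40500, 445),
    Event(20, "10.0.0.5", "10.0.0.9", 40001, 135),
    Event(40, "10.0.0.5", "10.0.0.9", 40001, 135, plugin_sid=2123),
    Event(55, "10.0.0.5", "10.0.0.9", 40001, 135, plugin_id=2002, duration=30),
    Event(100, "10.0.0.7", "10.0.0.9", 40500, 445),
]


def run_sample() -> List[Tuple[float, str, int]]:
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for t, name, rel in run_sample():
        print(f"t={t:>5} reliability={rel:>2}  {name}")
```

The replay makes the slide's first characteristic concrete: the outcome depends entirely on the timers, so the same four events spread over more than 60 seconds never reach reliability 10. That is the limitation the fuzzy correlator in the next slides is meant to relax.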
• 44. Fuzzy Correlator revisited: Objectives
      Going beyond the sequential arrival of packets
      Integrating different sensors:
          SNORT
          Anomaly detection: Abnormal connection to an open port (firewall)
          Thresholds: High traffic at nights or weekends, . . .
          Neural-IDS
          Other
      Defining rules according to the Security Manager's experience
• 47. Conclusions and open questions
      AI techniques are
          Flexible
          Suitable for pattern recognition
          Powerful (Neural-IDS)
          Easy to design (human language)
      But there is still a lot of work to do. . .
          We need more time
          We need more people
              Students
              Security experts (working group?)
          And of course. . . some money to pay it
• 51. And that's all folks. . .