SlideShare ist ein Scribd-Unternehmen logo

Intrusion Detection

Als PPT, PDF herunterladen
Gregory Hanis
Gregory Hanis
TechnologieBildung
1 von 34
Intrusion Detection
Outline Introduction  A Frame for Intrusion Detection System  Intrusion Detection Techniques  Ideas for Improving Intrusion Detection 
What is the Intrusion Detection  Intrusions are the activities that violate the security policy of system.  Intrusion Detection is the process used to identify intrusions.
Types of Intrusion Detection System(1) Based on the sources of the audit information used by each IDS, the IDSs may be classified into – Host-base IDSs – Distributed IDSs – Network-based IDSs
Types of Intrusion Detection System(2)  Host-based IDSs – Get audit data from host audit trails. – Detect attacks against a single host  Distributed IDSs – Gather audit data from multiple host and possibly the network that connects the hosts – Detect attacks involving multiple hosts  Network-Based IDSs – Use network traffic as the audit data source, relieving the burden on the hosts that usually provide normal computing services – Detect attacks from network.
Intrusion Detection Techniques  Misuse detection – Catch the intrusions in terms of the characteristics of known attacks or system vulnerabilities.  Anomaly detection – Detect any action that significantly deviates from the normal behavior.
Misuse Detection  Based on known attack actions.  Feature extract from known intrusions  Integrate the Human knowledge.  The rules are pre-defined  Disadvantage: – Cannot detect novel or unknown attacks
Misuse Detection Methods & System Method System Rule-based Languages RUSSEL,P-BEST State Transition Analysis STAT family(STAT,USTAT,NS TAT,NetSTAT) Colored Petri Automata Expert System IDIOT IDES,NIDX,PBEST,ISOA Case Based reasoning AutiGUARD
Anomaly Detection  Based on the normal behavior of a subject. Sometime assume the training audit data does not include intrusion data.  Any action that significantly deviates from the normal behavior is considered intrusion.
Anomaly Detection Methods & System Method Statistical method System IDES, NIDES, EMERALD Machine Learning techniques     Time-Based inductive Machine Instance Based Learning Neural Network … Data mining approaches JAM, MADAM ID
Anomaly Detection Disadvantages  Based on audit data collected over a period of normal operation. – When a noise(intrusion) data in the training data, it will make a mis-classification.  How to decide the features to be used. The features are usually decided by domain experts. It may be not completely.
Misuse Detection vs. Anomaly Detection Advantage Disadvantage Misuse Detection Accurately and generate much fewer false alarm Cannot detect novel or unknown attacks Anomaly Detection Is able to detect unknown attacks based on audit High false-alarm and limited by training data.
The Frame for Intrusion Detection
Intrusion Detection Approaches Define and extract the features of behavior in system 2. Define and extract the Rules of Intrusion 3. Apply the rules to detect the intrusion 1. Audit Data 3 Training Audit Data 1 Features 2 Rules 3 Pattern matching or Classification
Thinking about The Intrusion Detection System Intrusion Detection system is a pattern discover and pattern recognition system.  The Pattern (Rule) is the most important part in the Intrusion Detection System  – – – Pattern(Rule) Expression Pattern(Rule) Discover Pattern Matching & Pattern Recognition.
Machine Learning & Data mining & Statistics methods Traning Audit Data Feature Extraction Training Data & Knowled ge Pattern Extraction Expert Knowledge & Rule collection & Rule abstraction Pattern & Decision Rule Pattern Matching Alarms Intrusion Detection System Discriminate function Pass Pattern Recognition Real-Time Aduit data
Rule Discover Method  Expert System  Measure Based method – Statistical method – Information-Theoretic Measures – Outlier analysis  Discovery Association Rules  Classification  Cluster
Pattern Matching & Pattern Recognition Methods  Pattern Matching  State Transition & Automata Analysis  Case Based reasoning  Expert System  Measure Based method – Statistical method – Information-Theoretic Measures – Outlier analysis  Association Pattern  Machine Learning method
Intrusion Detection Techniques
Intrusion Detection Techniques  Pattern Matching  Measure Based method  Data Mining method  Machine Learning Method
Pattern Matching  KMP-Multiple patterns matching Algorithm – Using keyword tree to search – Building failure link to guarantee linear time searching  Shift-And(Or) pattern matching Algorithm – A classical approximate pattern matching algorithm  Karp-Rabin fingerprint method – Using the Modular arithmetic and Remainder theorem to match pattern … (Such as regular expression pattern matching)
Measure Based Method Statistical Methods & Information-Theoretic Measures  Define a set of measures to measure different aspects of a subject of behavior. (Define Pattern)  Generate an overall measure to reflect the abnormality of the behavior. For example: – statistic T2= M12+M22 +…+Mn2 – weighted intrusion score = Σ Mi*Wi – Entropy: H(X|Y)= Σ Σ P(X|Y) (-log(P(X|Y)))  Define the threshold for the overall measure
Association Pattern Discover  Goal is to derive multi-feature (attribute) correlations from a set of records.  An expression of an association pattern:  The Pattern Discover Algorithm: 1. 2. Apriori Algorithm FP(frequent pattern)-Tree
Association Pattern Example
Association Pattern Detecting  Statistics Approaches – Constructing temporal statistical features from discovered pattern. – Using measure-based method to detect intrusion  Pattern Matching – Nobody discuss this idea.
Machine Learning Method  Time-Based Inductive Machine – Like Bayes Network, use the probability and a direct graph to predict the next event  Instance Based Learning – Define a distance to measure the similarity between feature vectors  Neural … Network
Classification  This is supervised learning. The class will be predetermined in training phase.  Define the character of classes in training phase.  A common approach in pattern recognition system
Clustering  This is unsupervised learning. There are not predetermined classes in data.  Given a set of measurement, the aim is that establishes the class or group in the data. It will output the character of each class or group.  In the detection phase, this method will get more time cost (O(n2)). I suggest this method only use in pattern discover phase
Ideas for improving Intrusion Detection
Idea 1: Association Pattern Detecting  Using the pattern matching algorithm to match the pattern in sequent data for detecting intrusion. No necessary to construct the measure.  But its time cost is depend on the number of association patterns.  It possible constructs a pattern tree to improve the pattern matching time cost to linear time
Idea 2: Discover Pattern from Rules  The exist rules are the knowledge from experts knowledge or other system.  The different methods will measure different aspects of intrusions.  Combine these rules may find other new patterns of unknown attack.  For example: – Snort has a set of rule which come from different people. The rules may have different aspects of intrusions. – We can use the data mining or machine learning method to discover the pattern from these rule.
Machine Learning & Data mining & Statistics methods Traning Audit Data Feature Extraction Training Data & Knowled ge Pattern Extraction Expert Knowledge & Rule collection & Rule abstraction Pattern & Decision Rule Pattern Matching Alarms Intrusion Detection System Discriminate function Pass Pattern Recognition Real-Time Aduit data
Reference     Lee, W., & Stolfo, S.J. (2000). A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, 3 (4) (pp. 227-261). Jian Pei,Data Mining for Intrusion Detection:Techniques,Applications and Systems, Proceedings of the 20th International Conference on Data Engineering (ICDE 04) Peng Ning and Sushil Jajodia,Intrusion Detection Techniques. From http://discovery.csc.ncsu.edu/Courses/csc774-S03/IDTechniques.pdf Snort---The open source intrusion detection system. (2002). Retrieved February 13, 2003, from http://www.snort.org.
Thank you!

Empfohlen

Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Practical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approachesPractical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approachesFull Stack Developer at Electro Mizan Andisheh
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
INTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESINTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESTrinity Dwarka
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningKuppusamy P
 
Anomaly detection
Anomaly detectionAnomaly detection
Anomaly detectionQuantUniversity
 

Empfohlen

Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Practical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approachesPractical real-time intrusion detection using machine learning approaches
Practical real-time intrusion detection using machine learning approachesFull Stack Developer at Electro Mizan Andisheh
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
INTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESINTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESTrinity Dwarka
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningKuppusamy P
 
Anomaly detection
Anomaly detectionAnomaly detection
Anomaly detectionQuantUniversity
 
Anomaly detection
Anomaly detectionAnomaly detection
Anomaly detectionHitesh Mohapatra
 
OLAP & DATA WAREHOUSE
OLAP & DATA WAREHOUSEOLAP & DATA WAREHOUSE
OLAP & DATA WAREHOUSEZalpa Rathod
 
Data mining techniques unit 1
Data mining techniques unit 1Data mining techniques unit 1
Data mining techniques unit 1malathieswaran29
 
Data mining primitives
Data mining primitivesData mining primitives
Data mining primitiveslavanya marichamy
 
Anomaly detection Workshop slides
Anomaly detection Workshop slidesAnomaly detection Workshop slides
Anomaly detection Workshop slidesQuantUniversity
 
Anomaly detection with machine learning at scale
Anomaly detection with machine learning at scaleAnomaly detection with machine learning at scale
Anomaly detection with machine learning at scaleImpetus Technologies
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
 
Anomaly detection
Anomaly detectionAnomaly detection
Anomaly detectionDr. Stylianos Kampakis
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Fundamentals of data mining and its applications
Fundamentals of data mining and its applicationsFundamentals of data mining and its applications
Fundamentals of data mining and its applicationsSubrat Swain
 
Introduction to Machine Learning with SciKit-Learn
Introduction to Machine Learning with SciKit-LearnIntroduction to Machine Learning with SciKit-Learn
Introduction to Machine Learning with SciKit-LearnBenjamin Bengfort
 
WSN presentation
WSN presentationWSN presentation
WSN presentationBraj Raj Singh
 
Analysis modeling
Analysis modelingAnalysis modeling
Analysis modelingPreeti Mishra
 
Software analysis and it's principles
Software analysis and it's principlesSoftware analysis and it's principles
Software analysis and it's principlesGhulam Abbas
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computingvidhya dharmarajan
 
Mining single dimensional boolean association rules from transactional
Mining single dimensional boolean association rules from transactionalMining single dimensional boolean association rules from transactional
Mining single dimensional boolean association rules from transactionalramya marichamy
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Data Analytics Life Cycle
Data Analytics Life CycleData Analytics Life Cycle
Data Analytics Life CycleDr. C.V. Suresh Babu
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Polishing system 06 2010 gb
Polishing system 06 2010 gbPolishing system 06 2010 gb
Polishing system 06 2010 gbFerruccio Basetti
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
 

Weitere ähnliche Inhalte

Was ist angesagt?

OLAP & DATA WAREHOUSE
OLAP & DATA WAREHOUSEOLAP & DATA WAREHOUSE
OLAP & DATA WAREHOUSEZalpa Rathod
 
Data mining techniques unit 1
Data mining techniques unit 1Data mining techniques unit 1
Data mining techniques unit 1malathieswaran29
 
Anomaly detection Workshop slides
Anomaly detection Workshop slidesAnomaly detection Workshop slides
Anomaly detection Workshop slidesQuantUniversity
 
Anomaly detection with machine learning at scale
Anomaly detection with machine learning at scaleAnomaly detection with machine learning at scale
Anomaly detection with machine learning at scaleImpetus Technologies
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsOmar Shaya
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemRoshan Ranabhat
 
Fundamentals of data mining and its applications
Fundamentals of data mining and its applicationsFundamentals of data mining and its applications
Fundamentals of data mining and its applicationsSubrat Swain
 
Introduction to Machine Learning with SciKit-Learn
Introduction to Machine Learning with SciKit-LearnIntroduction to Machine Learning with SciKit-Learn
Introduction to Machine Learning with SciKit-LearnBenjamin Bengfort
 
Software analysis and it's principles
Software analysis and it's principlesSoftware analysis and it's principles
Software analysis and it's principlesGhulam Abbas
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computingvidhya dharmarajan
 
Mining single dimensional boolean association rules from transactional
Mining single dimensional boolean association rules from transactionalMining single dimensional boolean association rules from transactional
Mining single dimensional boolean association rules from transactionalramya marichamy
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 

Was ist angesagt? (20)

Anomaly detection
Anomaly detectionAnomaly detection
Anomaly detection
 
OLAP & DATA WAREHOUSE
OLAP & DATA WAREHOUSEOLAP & DATA WAREHOUSE
OLAP & DATA WAREHOUSE
 
Data mining techniques unit 1
Data mining techniques unit 1Data mining techniques unit 1
Data mining techniques unit 1
 
Data mining primitives
Data mining primitivesData mining primitives
Data mining primitives
 
Anomaly detection Workshop slides
Anomaly detection Workshop slidesAnomaly detection Workshop slides
Anomaly detection Workshop slides
 
Anomaly detection with machine learning at scale
Anomaly detection with machine learning at scaleAnomaly detection with machine learning at scale
Anomaly detection with machine learning at scale
 
Using Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection SystemsUsing Machine Learning in Networks Intrusion Detection Systems
Using Machine Learning in Networks Intrusion Detection Systems
 
Anomaly detection
Anomaly detectionAnomaly detection
Anomaly detection
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Fundamentals of data mining and its applications
Fundamentals of data mining and its applicationsFundamentals of data mining and its applications
Fundamentals of data mining and its applications
 
Introduction to Machine Learning with SciKit-Learn
Introduction to Machine Learning with SciKit-LearnIntroduction to Machine Learning with SciKit-Learn
Introduction to Machine Learning with SciKit-Learn
 
WSN presentation
WSN presentationWSN presentation
WSN presentation
 
Analysis modeling
Analysis modelingAnalysis modeling
Analysis modeling
 
Software analysis and it's principles
Software analysis and it's principlesSoftware analysis and it's principles
Software analysis and it's principles
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computing
 
Mining single dimensional boolean association rules from transactional
Mining single dimensional boolean association rules from transactionalMining single dimensional boolean association rules from transactional
Mining single dimensional boolean association rules from transactional
 
Network security
Network securityNetwork security
Network security
 
Data Analytics Life Cycle
Data Analytics Life CycleData Analytics Life Cycle
Data Analytics Life Cycle
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 

Andere mochten auch

Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
 
IDS Project: Promoting library excellence through community and technology
IDS Project: Promoting library excellence through community and technologyIDS Project: Promoting library excellence through community and technology
IDS Project: Promoting library excellence through community and technologyTim Bowersox
 
Intrusion Detection System for Applications using Linux Containers
Intrusion Detection System for Applications using Linux ContainersIntrusion Detection System for Applications using Linux Containers
Intrusion Detection System for Applications using Linux ContainersAmr Abed
 
Intrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless NetworksIntrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless Networksguest1b5f71
 
Data Mining and Intrusion Detection
Data Mining and Intrusion Detection Data Mining and Intrusion Detection
Data Mining and Intrusion Detection amiable_indian
 
Intrusion detection in wireless sensor network
Intrusion detection in wireless sensor networkIntrusion detection in wireless sensor network
Intrusion detection in wireless sensor networkVinayak Raja
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemSweta Sharma
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data miningbalbeerrawat
 
Intruders
IntrudersIntruders
Intruderstechn
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Dijkstra's algorithm
Dijkstra's algorithmDijkstra's algorithm
Dijkstra's algorithmgsp1294
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Dijkstra’S Algorithm
Dijkstra’S AlgorithmDijkstra’S Algorithm
Dijkstra’S Algorithmami_01
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 

Andere mochten auch (15)

Polishing system 06 2010 gb
Polishing system 06 2010 gbPolishing system 06 2010 gb
Polishing system 06 2010 gb
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern mining
 
IDS Project: Promoting library excellence through community and technology
IDS Project: Promoting library excellence through community and technologyIDS Project: Promoting library excellence through community and technology
IDS Project: Promoting library excellence through community and technology
 
Intrusion Detection System for Applications using Linux Containers
Intrusion Detection System for Applications using Linux ContainersIntrusion Detection System for Applications using Linux Containers
Intrusion Detection System for Applications using Linux Containers
 
Intrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless NetworksIntrusion Detection Techniques for Mobile Wireless Networks
Intrusion Detection Techniques for Mobile Wireless Networks
 
Data Mining and Intrusion Detection
Data Mining and Intrusion Detection Data Mining and Intrusion Detection
Data Mining and Intrusion Detection
 
Intrusion detection in wireless sensor network
Intrusion detection in wireless sensor networkIntrusion detection in wireless sensor network
Intrusion detection in wireless sensor network
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion detection using data mining
Intrusion detection using data miningIntrusion detection using data mining
Intrusion detection using data mining
 
Intruders
IntrudersIntruders
Intruders
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Dijkstra's algorithm
Dijkstra's algorithmDijkstra's algorithm
Dijkstra's algorithm
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Dijkstra’S Algorithm
Dijkstra’S AlgorithmDijkstra’S Algorithm
Dijkstra’S Algorithm
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 

Ähnlich wie Intrusion Detection

Intrusion Detection
Intrusion DetectionIntrusion Detection
Intrusion Detectionbutest
 
Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...IJMER
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachSuraj Chauhan
 
DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1IJITE
 
Analysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningAnalysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningPritesh Ranjan
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
 
Supervised Machine Learning Algorithms for Intrusion Detection.pptx
Supervised Machine Learning Algorithms for Intrusion Detection.pptxSupervised Machine Learning Algorithms for Intrusion Detection.pptx
Supervised Machine Learning Algorithms for Intrusion Detection.pptxssuserf3a100
 
Comparison of Data Mining Techniques used in Anomaly Based IDS
Comparison of Data Mining Techniques used in Anomaly Based IDS Comparison of Data Mining Techniques used in Anomaly Based IDS
Comparison of Data Mining Techniques used in Anomaly Based IDS IRJET Journal
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
 
Study on Data Mining Suitability for Intrusion Detection System (IDS)
Study on Data Mining Suitability for Intrusion Detection System (IDS)Study on Data Mining Suitability for Intrusion Detection System (IDS)
Study on Data Mining Suitability for Intrusion Detection System (IDS)ijdmtaiir
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxRineri1
 
V1_I1_2012_Paper3.docx
V1_I1_2012_Paper3.docxV1_I1_2012_Paper3.docx
V1_I1_2012_Paper3.docxpraveena06
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detectionMohamed Elfadly
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detectionMohamed Elfadly
 
A Survey On Intrusion Detection Systems
A Survey On Intrusion Detection SystemsA Survey On Intrusion Detection Systems
A Survey On Intrusion Detection SystemsMary Calkins
 
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...IJMER
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 

Ähnlich wie Intrusion Detection (20)

I Dunderstn
I DunderstnI Dunderstn
I Dunderstn
 
Intrusion Detection
Intrusion DetectionIntrusion Detection
Intrusion Detection
 
DM for IDS
DM for IDSDM for IDS
DM for IDS
 
Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...Intrusion Detection and Forensics based on decision tree and Association rule...
Intrusion Detection and Forensics based on decision tree and Association rule...
 
Databse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining ApproachDatabse Intrusion Detection Using Data Mining Approach
Databse Intrusion Detection Using Data Mining Approach
 
DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1DB-OLS: An Approach for IDS1
DB-OLS: An Approach for IDS1
 
Analysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data MiningAnalysis and Design for Intrusion Detection System Based on Data Mining
Analysis and Design for Intrusion Detection System Based on Data Mining
 
Intrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern miningIntrusion detection and anomaly detection system using sequential pattern mining
Intrusion detection and anomaly detection system using sequential pattern mining
 
Supervised Machine Learning Algorithms for Intrusion Detection.pptx
Supervised Machine Learning Algorithms for Intrusion Detection.pptxSupervised Machine Learning Algorithms for Intrusion Detection.pptx
Supervised Machine Learning Algorithms for Intrusion Detection.pptx
 
Comparison of Data Mining Techniques used in Anomaly Based IDS
Comparison of Data Mining Techniques used in Anomaly Based IDS Comparison of Data Mining Techniques used in Anomaly Based IDS
Comparison of Data Mining Techniques used in Anomaly Based IDS
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
 
Study on Data Mining Suitability for Intrusion Detection System (IDS)
Study on Data Mining Suitability for Intrusion Detection System (IDS)Study on Data Mining Suitability for Intrusion Detection System (IDS)
Study on Data Mining Suitability for Intrusion Detection System (IDS)
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptx
 
V1_I1_2012_Paper3.docx
V1_I1_2012_Paper3.docxV1_I1_2012_Paper3.docx
V1_I1_2012_Paper3.docx
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detection
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detection
 
A Survey On Intrusion Detection Systems
A Survey On Intrusion Detection SystemsA Survey On Intrusion Detection Systems
A Survey On Intrusion Detection Systems
 
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...
Classification Rule Discovery Using Ant-Miner Algorithm: An Application Of N...
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 

Mehr von Gregory Hanis

To cert or not to cert
To cert or not to certTo cert or not to cert
To cert or not to certGregory Hanis
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverGregory Hanis
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Rollingstone greghanis
Rollingstone greghanisRollingstone greghanis
Rollingstone greghanisGregory Hanis
 
Penetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsPenetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsGregory Hanis
 
Javascript Deofuscation A manual Approach
Javascript Deofuscation A manual ApproachJavascript Deofuscation A manual Approach
Javascript Deofuscation A manual ApproachGregory Hanis
 

Mehr von Gregory Hanis (14)

Hacker bootcamp
Hacker bootcampHacker bootcamp
Hacker bootcamp
 
To cert or not to cert
To cert or not to certTo cert or not to cert
To cert or not to cert
 
Windows great again
Windows great againWindows great again
Windows great again
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
Oop in php_tutorial
Oop in php_tutorialOop in php_tutorial
Oop in php_tutorial
 
Suncoastscam
SuncoastscamSuncoastscam
Suncoastscam
 
Rollingstone greghanis
Rollingstone greghanisRollingstone greghanis
Rollingstone greghanis
 
Penetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsPenetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the years
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
security IDS
security IDSsecurity IDS
security IDS
 
Pm final project
Pm final projectPm final project
Pm final project
 
Javascript Deofuscation A manual Approach
Javascript Deofuscation A manual ApproachJavascript Deofuscation A manual Approach
Javascript Deofuscation A manual Approach
 

Kürzlich hochgeladen

Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimaginedpanagenda
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentationyogeshlabana357357
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 

Kürzlich hochgeladen (20)

Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 

Intrusion Detection

  • 2. Outline Introduction  A Frame for Intrusion Detection System  Intrusion Detection Techniques  Ideas for Improving Intrusion Detection 
  • 3. What is the Intrusion Detection  Intrusions are the activities that violate the security policy of system.  Intrusion Detection is the process used to identify intrusions.
  • 4. Types of Intrusion Detection System(1) Based on the sources of the audit information used by each IDS, the IDSs may be classified into – Host-base IDSs – Distributed IDSs – Network-based IDSs
  • 5. Types of Intrusion Detection System(2)  Host-based IDSs – Get audit data from host audit trails. – Detect attacks against a single host  Distributed IDSs – Gather audit data from multiple host and possibly the network that connects the hosts – Detect attacks involving multiple hosts  Network-Based IDSs – Use network traffic as the audit data source, relieving the burden on the hosts that usually provide normal computing services – Detect attacks from network.
  • 6. Intrusion Detection Techniques  Misuse detection – Catch the intrusions in terms of the characteristics of known attacks or system vulnerabilities.  Anomaly detection – Detect any action that significantly deviates from the normal behavior.
  • 7. Misuse Detection  Based on known attack actions.  Feature extract from known intrusions  Integrate the Human knowledge.  The rules are pre-defined  Disadvantage: – Cannot detect novel or unknown attacks
  • 8. Misuse Detection Methods & System Method System Rule-based Languages RUSSEL,P-BEST State Transition Analysis STAT family(STAT,USTAT,NS TAT,NetSTAT) Colored Petri Automata Expert System IDIOT IDES,NIDX,PBEST,ISOA Case Based reasoning AutiGUARD
  • 9. Anomaly Detection  Based on the normal behavior of a subject. Sometime assume the training audit data does not include intrusion data.  Any action that significantly deviates from the normal behavior is considered intrusion.
  • 10. Anomaly Detection Methods & System Method Statistical method System IDES, NIDES, EMERALD Machine Learning techniques     Time-Based inductive Machine Instance Based Learning Neural Network … Data mining approaches JAM, MADAM ID
  • 11. Anomaly Detection Disadvantages  Based on audit data collected over a period of normal operation. – When a noise(intrusion) data in the training data, it will make a mis-classification.  How to decide the features to be used. The features are usually decided by domain experts. It may be not completely.
  • 12. Misuse Detection vs. Anomaly Detection Advantage Disadvantage Misuse Detection Accurately and generate much fewer false alarm Cannot detect novel or unknown attacks Anomaly Detection Is able to detect unknown attacks based on audit High false-alarm and limited by training data.
  • 13. The Frame for Intrusion Detection
  • 14. Intrusion Detection Approaches Define and extract the features of behavior in system 2. Define and extract the Rules of Intrusion 3. Apply the rules to detect the intrusion 1. Audit Data 3 Training Audit Data 1 Features 2 Rules 3 Pattern matching or Classification
  • 15. Thinking about The Intrusion Detection System Intrusion Detection system is a pattern discover and pattern recognition system.  The Pattern (Rule) is the most important part in the Intrusion Detection System  – – – Pattern(Rule) Expression Pattern(Rule) Discover Pattern Matching & Pattern Recognition.
  • 16. Machine Learning & Data mining & Statistics methods Traning Audit Data Feature Extraction Training Data & Knowled ge Pattern Extraction Expert Knowledge & Rule collection & Rule abstraction Pattern & Decision Rule Pattern Matching Alarms Intrusion Detection System Discriminate function Pass Pattern Recognition Real-Time Aduit data
  • 17. Rule Discover Method  Expert System  Measure Based method – Statistical method – Information-Theoretic Measures – Outlier analysis  Discovery Association Rules  Classification  Cluster
  • 18. Pattern Matching & Pattern Recognition Methods  Pattern Matching  State Transition & Automata Analysis  Case Based reasoning  Expert System  Measure Based method – Statistical method – Information-Theoretic Measures – Outlier analysis  Association Pattern  Machine Learning method
  • 20. Intrusion Detection Techniques  Pattern Matching  Measure Based method  Data Mining method  Machine Learning Method
  • 21. Pattern Matching  KMP-Multiple patterns matching Algorithm – Using keyword tree to search – Building failure link to guarantee linear time searching  Shift-And(Or) pattern matching Algorithm – A classical approximate pattern matching algorithm  Karp-Rabin fingerprint method – Using the Modular arithmetic and Remainder theorem to match pattern … (Such as regular expression pattern matching)
  • 22. Measure Based Method Statistical Methods & Information-Theoretic Measures  Define a set of measures to measure different aspects of a subject of behavior. (Define Pattern)  Generate an overall measure to reflect the abnormality of the behavior. For example: – statistic T2= M12+M22 +…+Mn2 – weighted intrusion score = Σ Mi*Wi – Entropy: H(X|Y)= Σ Σ P(X|Y) (-log(P(X|Y)))  Define the threshold for the overall measure
  • 23. Association Pattern Discover  Goal is to derive multi-feature (attribute) correlations from a set of records.  An expression of an association pattern:  The Pattern Discover Algorithm: 1. 2. Apriori Algorithm FP(frequent pattern)-Tree
  • 25. Association Pattern Detecting  Statistics Approaches – Constructing temporal statistical features from discovered pattern. – Using measure-based method to detect intrusion  Pattern Matching – Nobody discuss this idea.
  • 26. Machine Learning Method  Time-Based Inductive Machine – Like Bayes Network, use the probability and a direct graph to predict the next event  Instance Based Learning – Define a distance to measure the similarity between feature vectors  Neural … Network
  • 27. Classification  This is supervised learning. The class will be predetermined in training phase.  Define the character of classes in training phase.  A common approach in pattern recognition system
  • 28. Clustering  This is unsupervised learning. There are not predetermined classes in data.  Given a set of measurement, the aim is that establishes the class or group in the data. It will output the character of each class or group.  In the detection phase, this method will get more time cost (O(n2)). I suggest this method only use in pattern discover phase
  • 29. Ideas for improving Intrusion Detection
  • 30. Idea 1: Association Pattern Detecting  Using the pattern matching algorithm to match the pattern in sequent data for detecting intrusion. No necessary to construct the measure.  But its time cost is depend on the number of association patterns.  It possible constructs a pattern tree to improve the pattern matching time cost to linear time
  • 31. Idea 2: Discover Pattern from Rules  The exist rules are the knowledge from experts knowledge or other system.  The different methods will measure different aspects of intrusions.  Combine these rules may find other new patterns of unknown attack.  For example: – Snort has a set of rule which come from different people. The rules may have different aspects of intrusions. – We can use the data mining or machine learning method to discover the pattern from these rule.
  • 32. Machine Learning & Data mining & Statistics methods Traning Audit Data Feature Extraction Training Data & Knowled ge Pattern Extraction Expert Knowledge & Rule collection & Rule abstraction Pattern & Decision Rule Pattern Matching Alarms Intrusion Detection System Discriminate function Pass Pattern Recognition Real-Time Aduit data
  • 33. Reference     Lee, W., & Stolfo, S.J. (2000). A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, 3 (4) (pp. 227-261). Jian Pei,Data Mining for Intrusion Detection:Techniques,Applications and Systems, Proceedings of the 20th International Conference on Data Engineering (ICDE 04) Peng Ning and Sushil Jajodia,Intrusion Detection Techniques. From http://discovery.csc.ncsu.edu/Courses/csc774-S03/IDTechniques.pdf Snort---The open source intrusion detection system. (2002). Retrieved February 13, 2003, from http://www.snort.org.