Intrusion Detection Using AspectJ - PowerPoint PPT Presentation

1
Intrusion Detection Using AspectJ
  • Ivan Vargas
  • David Flores

2
Outline
  • Proposal Overview
  • Goals
  • Intrusion Detection Models
  • Implementation and Program Demo
  • Issues
  • Future Work
  • Conclusions

3
Proposal Overview
  • Confidentiality consists in ensuring that
    information is accessible only to those
    authorized to have access.
  • Authentication and authorization are not enough
    to guarantee confidentiality.
  • Intrusion detection can deem an action as
    suspicious even if the user is authenticated and
    authorized.
  • Intrusion detection systems might be built using
    aspect-oriented programming.

4
Goals
  • Build a system that can detect when an
    unauthorized user is in a system.
  • Apply Intrusion Detection techniques within a
    Java system using AspectJ.
  • Take advantage of aspects to detect when an
    unusual event occurred.
  • Show that Intrusion Detection techniques can be
    done in a well-modularized and maintainable way
    using aspects.

5
Intrusion Detection Models
  • Anomaly Modeling
      • Analyzes a set of characteristics of the system
        and compares their behavior with a set of
        expected values.
      • Threshold Model
      • Markov Model
  • Misuse Modeling
  • Specification Modeling

6
Threshold Model
  • A minimum of m and a maximum of n events are
    expected to occur.
  • If, over a specific period of time, fewer than m
    or more than n events occur, the behavior is
    deemed anomalous.
  • Most system logins use this model

7
BankJ

8
Markov Model
  • System is always in a particular state based on
    previous user actions (events).
  • When the next event occurs, the system
    transitions into a new state.
  • A set of probabilities of transition can be
    developed over time.
  • When an event occurs that causes a transition
    with low probability, the event is deemed
    anomalous.

9
Example
  • Previous actions:
      • open read write open mmap write fchmod close
  • Database (trace length 4):
      • open read write open
      • open mmap write fchmod
      • read write open mmap
      • write open mmap write
      • write fchmod close
      • mmap write fchmod close
      • fchmod close
      • close

10
Example (Continued)
  • What happens with the following sequence?
      • open read read open mmap write fchmod close
  • Number of mismatches: 5
  • Maximum number of pairwise mismatches: 18
  • Mismatch rate: 28%

11
AgendaJ

12
Issues
  • If the attempted sequence is x y z and the database
    is w y z, should the number of mismatches be 1 or 2?
  • If the attempted sequence is x y and the database
    is x z, should the mismatch rate be 100%?
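
The counting behind the Example slides, as an added Python example that is not code from the presentation (whose own implementation uses AspectJ and is not shown here). It assumes the lookahead-pair rule, where every (call, offset, follower) pair not seen in the normal trace counts as one mismatch. That rule reproduces the slide's 5 of 18 (28%) and gives 2 mismatches and 100% for the two cases on the Issues slide. All function names are hypothetical.

```python
from collections import defaultdict

def build_pairs(trace, k):
    """Map (call, offset) -> set of calls seen `offset` positions later,
    for offsets 1..k-1, learned from a trace of normal behavior."""
    db = defaultdict(set)
    for i, call in enumerate(trace):
        for off in range(1, k):
            if i + off < len(trace):
                db[(call, off)].add(trace[i + off])
    return db

def score(db, trace, k):
    """Return (mismatches, pairs_checked, rate) for an observed trace."""
    mismatches = checked = 0
    for i, call in enumerate(trace):
        for off in range(1, k):
            if i + off >= len(trace):
                break  # window runs past the end of the trace
            checked += 1
            # .get() avoids inserting unseen keys into the database
            if trace[i + off] not in db.get((call, off), ()):
                mismatches += 1
    rate = mismatches / checked if checked else 0.0
    return mismatches, checked, rate

K = 4  # trace length used on the slide
NORMAL = "open read write open mmap write fchmod close".split()
OBSERVED = "open read read open mmap write fchmod close".split()

def slide_example():
    """Score the slide's observed sequence against its normal trace."""
    return score(build_pairs(NORMAL, K), OBSERVED, K)

if __name__ == "__main__":
    m, n, r = slide_example()
    print(f"{m} mismatches of {n} pairs, rate {r:.0%}")
    # The two cases from the Issues slide, under this counting rule
    print(score(build_pairs("w y z".split(), 3), "x y z".split(), 3))
    print(score(build_pairs("x z".split(), 2), "x y".split(), 2))
```

Counting whole windows instead of pairs would give 1 for the first Issues case, which is the ambiguity that slide raises.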

13
Future Work
  • Use other Intrusion Detection models (such as
    statistical moments) to determine which method is
    more accurate and efficient.
  • Investigate the found issues in order to
    determine which approach yields more accurate
    results.

14
Conclusions
  • AspectJ is a powerful tool for implementing
    intrusion detection models.
  • Aspects implementing these models are
    understandable, well-modularized, and
    maintainable.

15
References
  • [1] Wikipedia,
    http://en.wikipedia.org/wiki/Confidentiality
  • [2] Matt Bishop. Computer Security: Art and
    Science, Addison-Wesley Professional,
    1st edition (December 2, 2002)