An Intelligent Firewall to Detect Novel Attack An Integrated Approach based on Anomaly Detection Against Virus Attacks

1
An Intelligent Firewall to Detect Novel Attack
An Integrated Approach based on Anomaly Detection
Against Virus Attacks
  • InSeon Yoo and Ulrich Ultes-Nitsche
  • Proceedings of the 2002 KSEAUK

2
Novel Attacks
  • Practical IDS
  • Signature based
  • The performance of these systems is limited by
    the signature database
  • Many known attacks can be easily modified to
    present many different signatures
  • Novel Attacks
  • Cannot be present in the database, and will
    nearly always be missed

3
Virus Monitor
  • Traditional Virus Monitors
  • To prevent malicious code from entering network
    nodes by detecting malicious code patterns, for
    instance in an e-mail attachment
  • But new viruses will only become detectable after
    their pattern characteristics have been analyzed

4
Intelligent Firewall
  • Main Purpose
  • Anomaly detection capability, which will be
    achieved by applying AI techniques to detect
    unusual network traffic
  • To integrate as much security functionality as
    possible into the firewall
  • An intelligent firewall that contains a smart
    detection engine for malicious data packets
  • Malicious Data Packet
  • Unusual content of data packets which contain
    unknown potential viruses

5
Malicious Data Packet
[Figure: packet layout with the labels Header, Static string (ABCDEFGHIJLMNOPQRSTUVWXYZ), Packet Body]

6
Integrating Firewalls
  • The Need
  • Current IDSs do not stop a packet which
    contains malicious code
  • A virus associated with a DoS attack spreads
    through the internet (e.g. the CodeRed virus)
  • Virus monitors and IDSs should co-operate to
    prevent such an attack

7
Potential Approaches
  • To build a detection engine which will be
    capable of identifying new viruses
  • First
  • BBN (Bayesian Belief Network)
  • A special type of diagram together with an
    associated set of probability tables
  • Nodes of the BBN represent entities and their
    attributes
  • The arcs describe the relationships between these
    entities
  • BBNs are useful for modelling uncertain events
    and arguments about them
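
Added example (not from the slides or the authors' work): a minimal Bayesian belief network of the kind this slide describes, with nodes, arcs and probability tables, scoring a packet by exact enumeration. The node names, the arcs and every probability below are constructed for illustration.

```python
from itertools import product

# Constructed network (assumption, not from the slides): each node maps to
# (parents, CPT), where the CPT gives P(node=True | parent values).
NETWORK = {
    "malicious":     ((), {(): 0.01}),
    "executable":    (("malicious",), {(True,): 0.70, (False,): 0.05}),
    "static_string": (("malicious", "executable"), {
        (True, True): 0.90, (True, False): 0.60,
        (False, True): 0.10, (False, False): 0.02}),
}

def joint(assignment):
    """Probability of one full True/False assignment (chain rule over arcs)."""
    p = 1.0
    for node, (parents, cpt) in NETWORK.items():
        p_true = cpt[tuple(assignment[x] for x in parents)]
        p *= p_true if assignment[node] else 1.0 - p_true
    return p

def posterior(query, evidence):
    """P(query=True | evidence), summing the joint over unobserved nodes."""
    hidden = [n for n in NETWORK if n not in evidence and n != query]
    totals = {True: 0.0, False: 0.0}
    for q in (True, False):
        for values in product((True, False), repeat=len(hidden)):
            a = dict(evidence, **dict(zip(hidden, values)))
            a[query] = q
            totals[q] += joint(a)
    return totals[True] / (totals[True] + totals[False])

def verdict(evidence, threshold=0.5):
    """Firewall decision: drop when the posterior exceeds the threshold."""
    return "drop" if posterior("malicious", evidence) > threshold else "pass"

if __name__ == "__main__":
    for ev in ({}, {"static_string": True},
               {"static_string": True, "executable": True}):
        print(ev, round(posterior("malicious", ev), 4), verdict(ev))
```

Lowering `threshold` catches more packets on weaker evidence at the cost of more false positives, the trade-off the conclusion slide raises.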

8
Potential Approaches
  • Second
  • Neural Network Approach
  • To distinguish between good and bad patterns
    in data packets based on incomplete knowledge
  • Can perform well in the presence of noise and errors
  • Self-Organizing Maps (SOM), Hopfield Networks,
    Hamming Networks, Probabilistic Neural
    Networks (PNN)

9
Conclusion
  • To integrate a smart detection engine into a
    firewall
  • To propose the possibility of applying
    neural networks
  • But there are problems with the performance of the
    decision process in real-time network traffic
  • Optimizations to avoid the creation of too many
    false positives