2003-2004 Final Year Project Presentation DY1 Machine Learning for Computer Security Applications - PowerPoint PPT Presentation
Title:
2003-2004 Final Year Project Presentation DY1 Machine Learning for Computer Security Applications
Description:
2003-2004 Final Year Project Presentation DY1 Machine Learning for Computer Security Applications by Lam Ho-yu advised by Dr. Yeung Dit-yan What is computer security? – PowerPoint PPT presentation
Number of Views:282
Avg rating:3.0/5.0
Title: 2003-2004 Final Year Project Presentation DY1 Machine Learning for Computer Security Applications
1
2003-2004 Final Year Project Presentation
DY1Machine Learning for Computer Security
Applications
by Lam Ho-yu advised by Dr. Yeung Dit-yan
2
What is computer security?
- Computer Security Firewall? Is it secure?
- 7-eleven examples
3
Intrusion Detection System (IDS)
- Real world Surveillance Camera
- Computer Networks IDS to monitor network
- This project computer security application
Intrusion Detection System (IDS)
4
Presentation Flow
- Problems of current IDS technology
- Objectives of this project
- Scenario the key idea of this project
- System framework
- Another approach
- Active Support Vector Machine (ASVM)
5
Problems of Current IDS
172.16.113.50/portmap pm_getport sadmind -gt
0/udp 952442110.022445 SensitivePortmapperAccess
rpc 202.77.162.213/659 gt 172.16.112.10/portmap
pm_getport sadmind -gt 56255/udp 952442110.098242
SensitivePortmapperAccess rpc 202.77.162.213/660
gt 172.16.112.50/portmap pm_getport sadmind -gt
56261/udp 952443968.102596 ContentGap
194.27.251.21/13525 gt 172.16.112.194/telnet
content gap (lt 92797/14296) A part of alert.log
of Bro
- Low-level
- Large Quantity
- False alerts Password typo vs. Password
guessing? - Heavy workload for network security officers
6
Objectives
- To allow easier separation between false alerts
and real alerts - To transform alerts to a more user-friendly
representation - To relief operators workload by automation
7
Notion of Scenario
- A typical attack usually takes several steps
- Scan for candidate machines
- Exploration Gather information of the machine
- Exploitation Break into the machine
- Escalation gain more control (super-user)
- Do anything the intruders want!!
- Operators want to see logical steps that the
intruder is taking
8
The System Framework
9
Learning Components
- Clustering Group similar alerts together
- Correlation Group alerts that are in the same
scenario
Multi-Layer Perceptrons
Decision Tree
10
Key Results
- Total Clusters 236
- Alert count in clusters 835
- Correlation
Results - Total Scenarios 182
- Alert count in Scenarios 236
- --------------- Confusion Matrix ---------------
- Processed Results
- Desired True False Total
- --------------------------------------------------
---- - True 126 1 127
- False 130 578 708
- --------------------------------------------------
---- - Total 256 579 835
- --------------------------------------------------
---- - Processed Results
- Desired True False Total
- --------------------------------------------------
---- - True 99.21 0.7874 15.21
11
Screen Shot
12
(No Transcript)
13
Q A
14
Thank you!
15
Active Support Vector Machine
- Identify the most useful test data and ask the
user to classify it for training - Most useful?
- Random sampling
- SVM-based sampling
Test data
True Alerts
margin
False Alerts
Recommended
CrystalGraphics Presentations
![Investigations on Automatic Behavior-based System Design [A Survey on] Hierarchical Reinforcement Learning PowerPoint PPT Presentation](https://s3.amazonaws.com/images.powershow.com/6219810.th0.jpg?_=20150306026)
