1 / 17

Presented by: Preeti Anday Dept of Computer & Information Sciences University of Delaware

Presented by: Preeti Anday Dept of Computer & Information Sciences University of Delaware. A Blackboard-Based Learning Intrusion Detection System: A New Approach. What is a blackboard?. KS. KS. Blackboard. KS. KS. KS. Controller. Blackboard Architecture. Knowledge Sources (KS).

bono
Download Presentation

Presented by: Preeti Anday Dept of Computer & Information Sciences University of Delaware

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Presented by: Preeti Anday Dept of Computer & Information Sciences University of Delaware A Blackboard-Based Learning Intrusion Detection System: A New Approach

  2. What is a blackboard?

  3. KS KS Blackboard KS KS KS Controller Blackboard Architecture Knowledge Sources (KS)

  4. What is an IDS? An intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations.

  5. Intrusion Detection Anomaly Detection Misuse Detection

  6. Intrusion Detection • Based on Network system area they audit: • Host based • Security system that is detecting inside abuses in a computer system • Network based • Capable of identifying abusive uses or attempts of unauthorized usage of the computer network from outside the system

  7. Prior Approaches • Rule based analysis: • Predefined rule set • Expert systems • Drawbacks • Inability to detect attack scenarios • Lack flexibility • Variations in the attack sequence reduce effectiveness of the system

  8. Common Types Of Malicious Attacks • Denial-of-service Attack (DoS) • Guessing rlogin Attack • Scanning Attack

  9. Autonomous Agents • What are Autonomous agents? • Software agents that perform certain security monitoring functions at the host • Independent entities • Have minimal overhead and can resist subversion • Dynamically reconfigurable, scalable and easily adaptable • Degrade gracefully

  10. Learning Intrusion Detection System Architecture

  11. Tier 1 • Contains autonomous agents required for initial alert feature, • A1: Network reader • Collects network data with the help of a program called tcpdump • Pastes them on the blackboard • A2: Initial Analyzer • Calls a rule based classifier that is written as a dll in C++ • A3: Display/Output agent • Reports the initial analysis to the user

  12. Tier 2 • Contains agents that analyze the system specific information, • A4: System reader • Gathers system specific information on the protected system • Posts it on the blackboard • A5: Attack classifier • Identifies different subclasses of intrusions present in the network • Send information from blackboard to the classifier which performs the diagnosis and posts the results on the Blackboard

  13. Tier 2 contd. • The information gathered in A4 includes, • Available network bandwidth • CPU Usage • Network packets • Memory usage • Number of connections • Connection attempts • Protocol • Packet length

  14. Tier 2 contd. The classifier used in A5 is a micro genetic algorithm based classifier that uses the multiple fault diagnosis concept to perform the necessary function. The result states what of attack is present and what is its probability of presence in the data set. The genetic algorithm is capable of determining the sub-classifications of attacks.

  15. Tier 3 • Contains autonomous agents that give full details of the attacks • A6: Analyzer with ANN • Analyzes information • Decides which type of ANN will be useful for further analysis • If the analysis finds no attack in the dataset, the agent flags the dataset as false positive alarm

  16. Tier 3 • A7: Teaching agent • Updates the rule set of A2 • A8: Report generation • Displays a complete report of the analysis to the user • Since the agents are autonomous, a control pattern is included to ensure that each agent gets at least one chance to look at the blackboard in one process cycle.

  17. Questions

More Related