
THE UTC-IMON PROJECT

THE UTC-IMON PROJECT. Users and Terminals Characterization, Identification and Monitoring On a Net. Net Anomaly Detection System. Company: Deutsche Telekom. Academic advisor: Yuval Elovici. Technical advisors: Asaf Shabtai & Yuval Fledel. Project Team: Raz Kitzoni, Aryhe Segal


Presentation Transcript


  1. THE UTC-IMON PROJECT. Users and Terminals Characterization, Identification and Monitoring On a Net. Net Anomaly Detection System. Company: Deutsche Telekom. Academic advisor: Yuval Elovici. Technical advisors: Asaf Shabtai & Yuval Fledel. Project Team: Raz Kitzoni, Aryhe Segal, Eliad Barzi, Mati Kochen

  2. Background – The Problem. In a world based on communication and computing, one of the main aspects is security. Today the standard user authentication protection doesn't protect against masquerading attacks.

  3. Background – The Problem – cont. We'll try to present the problem and the need for our system by presenting a scenario we like to refer to as the “Bathroom Attack” (A.K.A. Crap Attack).

  4. Background – The Problem – cont. Imagine a normal sunny day. Our “normal” employee, let's call him RAZ, is working in his cubicle …

  5. Background – The Problem – cont. When he finds himself having to answer a basic call of nature …

  6. Background – The Problem – cont. In his absence his open terminal is commandeered by his nemesis, let's call him ZAR, who misuses RAZ's privileges …

  7. Problem

  8. The Solution – UTC-IMON. The UTC-IMON system is a security tool which extends the existing layer of standard user authentication protection. Using network traffic observation, UTC-IMON identifies and monitors users and terminals.

  9. The Problem Domain. UTC-IMON will be connected to the main communication channel of the organization's network. The system sniffs and listens to the data running through the channel; the analyzed data is then used to identify an “order in the chaos” of user behavior.

  10. The Problem Domain – cont.

  11. UTC-IMON (in a nutshell). UTC-IMON sniffs the network using Wireshark, identifies and monitors users and their terminals, and characterizes them by analyzing their network conversations. Based on the collected information, the system is able to notice and notify about a possible threat when a user's behavior changes.

  12. UTC-IMON (in a nutshell) – cont. The 2 major stages of the system are:
      1. Training stage: when a new user is identified, UTC-IMON starts learning his behavior, creating a representative profile.
      2. Detection stage: in this stage the system constantly checks user behavior, looking for a deviation from the profile. In such cases the system alerts the appropriate authority.
      UTC-IMON keeps learning and updating user profiles while activated.
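The two stages on slides 11 and 12 (a profile learned from a user's network conversations, then new conversations scored against it, with the profile updated whenever no alert is raised) can be illustrated with a small toy model. This is an added example, not code from the UTC-IMON project: the conversation fields, the three profile features, the "fraction of never-seen feature values" score, the 0.25 threshold and all traffic records are constructed assumptions chosen to replay the Bathroom Attack scenario.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Conversation:
    """One network conversation as a sniffer could reconstruct it (constructed schema)."""
    user: str       # account the terminal is logged in as
    terminal: str   # source host
    service: str    # destination service; labels such as "mail" are constructed
    hour: int       # hour of day the conversation started


# Profile features assumed for this example; the real system's feature set is not on the slides.
FEATURES = ("terminal", "service", "hour")


@dataclass
class Profile:
    """Training-stage output: how often each feature value was seen for one user."""
    seen: dict = field(default_factory=lambda: {f: Counter() for f in FEATURES})
    total: int = 0

    def learn(self, conv):
        for f in FEATURES:
            self.seen[f][getattr(conv, f)] += 1
        self.total += 1

    def surprise(self, conv):
        """Fraction of features whose value never appeared during training (0.0 .. 1.0)."""
        unseen = sum(1 for f in FEATURES if getattr(conv, f) not in self.seen[f])
        return unseen / len(FEATURES)


def train(conversations):
    """Training stage: build one profile per user from observed conversations."""
    profiles = {}
    for c in conversations:
        profiles.setdefault(c.user, Profile()).learn(c)
    return profiles


def detect(profiles, user, window, threshold=0.25):
    """Detection stage: score a window of conversations attributed to `user`.

    Returns (score, alert). A user with no profile yet is only learned, never
    alerted on; a window that raises no alert is folded back into the profile,
    so the system keeps learning while it runs. A window that does alert is
    deliberately NOT learned, otherwise the masquerader would train the profile.
    """
    if user not in profiles:
        profiles[user] = Profile()
        for c in window:
            profiles[user].learn(c)
        return 0.0, False
    profile = profiles[user]
    score = sum(profile.surprise(c) for c in window) / len(window)
    alert = score > threshold
    if not alert:
        for c in window:
            profile.learn(c)
    return score, alert


# Constructed training traffic: RAZ at his cubicle terminal during office hours.
TRAINING = [
    Conversation("RAZ", "ws-17", "mail", 9),
    Conversation("RAZ", "ws-17", "intranet", 10),
    Conversation("RAZ", "ws-17", "mail", 11),
    Conversation("RAZ", "ws-17", "printer", 14),
    Conversation("RAZ", "ws-17", "intranet", 16),
]

# Constructed window with one new but otherwise ordinary conversation: low score, profile grows.
NORMAL_WINDOW = [
    Conversation("RAZ", "ws-17", "mail", 10),
    Conversation("RAZ", "ws-17", "intranet", 11),
    Conversation("RAZ", "ws-17", "wiki", 11),
]

# Constructed "Bathroom Attack" window: same account, same terminal, but ZAR's conversations.
MASQUERADE_WINDOW = [
    Conversation("RAZ", "ws-17", "ssh-admin", 11),
    Conversation("RAZ", "ws-17", "db-admin", 11),
    Conversation("RAZ", "ws-17", "file-share", 11),
]


def run_scenario():
    """Train on RAZ's traffic, then score the normal and the masquerade windows."""
    profiles = train(TRAINING)
    normal = detect(profiles, "RAZ", NORMAL_WINDOW)          # (1/9, False)
    masquerade = detect(profiles, "RAZ", MASQUERADE_WINDOW)  # (1/3, True)
    return normal, masquerade


if __name__ == "__main__":
    (s1, a1), (s2, a2) = run_scenario()
    print(f"normal window:     score={s1:.2f} alert={a1}")
    print(f"masquerade window: score={s2:.2f} alert={a2}")
```

Two points of the scenario show up in the numbers. The terminal feature contributes nothing here because ZAR is sitting at RAZ's own workstation, so detection rests entirely on which services the conversations go to; and the normal window's single new service ("wiki") is absorbed into the profile rather than alerted on, which is what slide 12 means by the system continuing to learn while activated. It also makes the risk on slide 29 concrete: a masquerader whose conversations look like RAZ's would score zero, so the quality of the chosen profile features decides whether the system is useful.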

  13. Functional Requirements • Research Requirement: The process of developing the system involves a comprehensive stage of research in the fields of data mining and anomaly detection. Main requirements:
      * Traffic recorder.
      * Traffic analyzer (converts traffic into different behavior profiles).
      * Behavior examiner (checks how good the analysis was).

  14. Functional Requirements – cont. • Implementation Requirement: After the research part is over and conclusions have been made, the implementation part starts. Main requirements:
      User Management Requirements:
      * User manipulation – creation, modification and removal.
      * User statistics and details display.
      Profile Feature Requirements:
      * Profile manipulation.
      * Profile statistics and details display.

  15. Functional Requirements – cont.
      Identification and Monitoring Requirements:
      * Alert manipulation – notification, approval and removal.
      * Alert statistics and details display.
      Configuration & Settings Requirements:
      * System configuration – algorithms, defaults and settings.
      * Configuration statistics and details display.
      Reports Requirements:
      * Different reports and system statistics for the adjustment and tuning of the system.

  16. Non-Functional Requirements
      • Speed:
      * The data analysis algorithm would take between half a second and 15 minutes, depending on the system initialization.
      * It takes up to 1 minute to show the analyzed data on the screen after processing.
      • Capacity: The system should support up to 200 user profiles.
      • Throughput: In all, the system should be able to monitor up to 20,000 packets per second.
      • Reliability: The system creates a restore point at a given predefined interval, enabling reconstruction of the system in case it collapses.

  17. Non-Functional Requirements – cont.
      • Safety & Security: The gathered information will be encrypted and handled by authorized personnel.
      • Usability: The configuration and notifications for the Admin and Domain Expert will be simple and understandable. The common user isn't aware of the system's presence.
      • Availability: In all, the system should be available 99.9% of the time.

  18. Use Cases

  19. Use Case 1

  20. Use Case 1 - Sequence Diagram

  21. Use Case 2

  22. Use Case 2 - Sequence Diagram

  23. Use Case 3

  24. Use Case 3 - Sequence Diagram

  25. Use Case 4

  26. Use Case 4 - Sequence Diagram

  27. Use Case 5

  28. Use Case 5 - Sequence Diagram

  29. Possible Risks. The success rate of UTC-IMON's anomaly detection is critical. It depends mainly on the various features of the user behavior profile that are identified and monitored. Statistics that are not good enough would make the system pointless.

  30. The End. Thanks & Good Luck (…BEWARE OF ZAR…)
