
Overview

KB-IDS – Application Design Document. Knowledge-based Temporal Abstraction Host-based Intrusion Detection System for Android. Version 1.0. Team members: Uri Kanonov, Elad Ankry, Eliya Rahamim. May 18th 2009. Academic Advisor: Dr. Yuval Elovici. Technical Advisor: Asaf Shabtai.


Presentation Transcript


  1. KB-IDS – Application Design Document
     Knowledge-based Temporal Abstraction Host-based Intrusion Detection System for Android
     Version 1.0
     Team members: Uri Kanonov, Elad Ankry, Eliya Rahamim
     May 18th 2009
     Academic Advisor: Dr. Yuval Elovici
     Technical Advisor: Asaf Shabtai
     KB-IDS Application Design Document

  2. Overview
     • Detailed system architecture
     • Brief overview of the system requirements
     • Main classes – Agent
     • Overview of the KBTA algorithm
     • Main classes – KBTA Processor
     • Overview of User Interface
     • Tasks List
     • Questions?

  3. Global architecture
     (architecture diagram; components shown:)
     • Agent – Service, Graphical User Interface, SQLite
     • Threat Weighting Unit
     • Processors – KBTA, …
     • NetProtect Control Center

  4. Primary system requirements
     Functional
     • Agent
       - Feature extraction
       - Sending of extracted features to processors and Control Center
       - Receive alerts from the Threat Weighting Unit
     • KBTA Processor
       - Processing according to the KBTA algorithm
       - Producing threat assessments
     • Threat Weighting Unit
       - Threat assessment weighting
       - Sending of assessments to the Agent
     Non-Functional
     • Overall CPU usage should be under 10% (must be lightweight)

  5. Agent - main classes
     (class diagram; classes shown:)
     • Agent: Graphical User Interface, Configuration Manager, Service, Alert Handler, Processor Manager, Feature Manager, Monitored Data, Processor, Feature Extractor, SQLite
     • External components: NetProtect, NetProtect Control Center, Threat Weighting Unit, Processors (KBTA), Linux Kernel, Application Framework

  6. Overview of the KBTA Algorithm
     • Time-Stamped Raw Data:
       - Primitive Parameters
       - Events
     • Higher Level Meaningful Temporal Information:
       - Contexts
       - Abstractions (Trends, States)
       - Temporal Patterns
     • Knowledge (KBTA Security ontology)
     • Four inference mechanisms:
       - Temporal Context Forming
       - Contemporaneous Abstraction
       - Temporal Interpolation
       - Temporal Pattern Matching
     Securing Android-based Devices T+9

  7. Overview of the KBTA Algorithm

     Ontology ontology;
     InstanceContainer instances;

     // Incremental KBTA: invoked for every new batch of time-stamped raw data
     void incrementalKBTA(List<Primitive> primitives, List<Event> events) {
         instances.add(primitives);
         instances.add(events);
         // Each pass may derive elements that enable further inferences
         while (instances.hasNew()) {
             createContexts(instances, ontology);
             createAbstractions(instances, ontology);
             interpolateAbstractions(instances, ontology);
         }
         createPatterns(instances, ontology);
     }

  8. Overview of the KBTA Algorithm – Example Scenario
     (diagram; legend: Primitive, Context, State, Alert)
     • Apps_With_Permission_Camera (Primitive) – amount of non-system applications with the Camera permission
       → Many_Apps_With_Camera_Permission (Context)
     • Pictures_Taken (Primitive) – amount of pictures taken in the last 2 minutes
       → Camera_Usage (State)
     • Camera_Abuse (Alert)
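The following is an added example, not code from the slides or from the KB-IDS project, that runs the incremental loop of slide 7 over the camera scenario of slide 8 in Python. The element names (Apps_With_Permission_Camera, Many_Apps_With_Camera_Permission, Pictures_Taken, Camera_Usage, Camera_Abuse) come from the slide; the thresholds, the 60-second interpolation gap, the 120-second minimal pattern duration and the sample readings are assumptions made up for illustration. Each of the four inference mechanisms is a separate function, and the loop repeats until no new context or abstraction is derived, exactly as in the pseudocode.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Primitive:
    """Time-stamped raw measurement delivered by the Agent's feature extractor."""
    name: str
    value: float
    t: int              # seconds since monitoring started


@dataclass(frozen=True)
class Interval:
    """A higher-level temporal element: context, state or pattern (alert)."""
    name: str
    value: str
    start: int
    end: int


# Hypothetical security ontology (assumption): names from the slide, numbers invented.
ONTOLOGY = {
    # context -> (source primitive, threshold at or above which the context holds)
    "contexts": {"Many_Apps_With_Camera_Permission": ("Apps_With_Permission_Camera", 3)},
    # state -> (source primitive, value labels by ascending lower bound, required context)
    "states": {"Camera_Usage": ("Pictures_Taken",
                                [("Low", 0), ("Medium", 5), ("High", 15)],
                                "Many_Apps_With_Camera_Permission")},
    # temporal interpolation joins same-valued intervals at most this far apart (seconds)
    "max_gap": 60,
    # pattern -> (state, state value, enclosing context, minimal duration in seconds)
    "patterns": {"Camera_Abuse": ("Camera_Usage", "High",
                                  "Many_Apps_With_Camera_Permission", 120)},
}


def covered(iv: Interval, known: List[Interval]) -> bool:
    """True if an interval with the same name and value already spans iv."""
    return any(k.name == iv.name and k.value == iv.value
               and k.start <= iv.start and iv.end <= k.end for k in known)


def in_context(t: int, ctx: str, contexts: List[Interval]) -> bool:
    return any(c.name == ctx and c.start <= t <= c.end for c in contexts)


def create_contexts(prims: List[Primitive], contexts: List[Interval]) -> List[Interval]:
    """Temporal context forming: a point interval per primitive above threshold."""
    new: List[Interval] = []
    for ctx, (src, thr) in ONTOLOGY["contexts"].items():
        for p in prims:
            iv = Interval(ctx, "Active", p.t, p.t)
            if p.name == src and p.value >= thr and not covered(iv, contexts + new):
                new.append(iv)
    return new


def create_abstractions(prims, contexts, states) -> List[Interval]:
    """Contemporaneous abstraction: label a primitive, but only inside its context."""
    new: List[Interval] = []
    for st, (src, labels, ctx) in ONTOLOGY["states"].items():
        for p in prims:
            if p.name != src or not in_context(p.t, ctx, contexts):
                continue
            label = [lab for lab, low in labels if p.value >= low][-1]
            iv = Interval(st, label, p.t, p.t)
            if not covered(iv, states + new):
                new.append(iv)
    return new


def interpolate(ivs: List[Interval]) -> List[Interval]:
    """Temporal interpolation: join same-valued intervals separated by <= max_gap."""
    merged: List[Interval] = []
    for iv in sorted(ivs, key=lambda i: (i.name, i.value, i.start)):
        last = merged[-1] if merged else None
        if last and (last.name, last.value) == (iv.name, iv.value) \
                and iv.start - last.end <= ONTOLOGY["max_gap"]:
            merged[-1] = Interval(last.name, last.value, last.start, max(last.end, iv.end))
        else:
            merged.append(iv)
    return merged


def create_patterns(contexts, states) -> List[Interval]:
    """Temporal pattern matching: a long enough High state inside its context."""
    alerts: List[Interval] = []
    for pat, (st, val, ctx, min_dur) in ONTOLOGY["patterns"].items():
        for s in states:
            if (s.name, s.value) == (st, val) and s.end - s.start >= min_dur \
                    and in_context(s.start, ctx, contexts) and in_context(s.end, ctx, contexts):
                alerts.append(Interval(pat, "Alert", s.start, s.end))
    return alerts


def incremental_kbta(prims: List[Primitive]):
    """The loop of slide 7: infer until a pass derives nothing new, then match patterns."""
    contexts: List[Interval] = []
    states: List[Interval] = []
    while True:
        new_ctx = create_contexts(prims, contexts)
        new_st = create_abstractions(prims, contexts + new_ctx, states)
        if not new_ctx and not new_st:
            break
        contexts = interpolate(contexts + new_ctx)
        states = interpolate(states + new_st)
    return contexts, states, create_patterns(contexts, states)


# Constructed sample: one reading per minute for five minutes (not real device data).
SAMPLE = [Primitive("Apps_With_Permission_Camera", 4, t) for t in range(0, 300, 60)] + \
         [Primitive("Pictures_Taken", v, t) for t, v in zip(range(0, 300, 60), (2, 20, 25, 18, 3))]

if __name__ == "__main__":
    ctx, st, alerts = incremental_kbta(SAMPLE)
    for iv in ctx + st + alerts:
        print(iv)
```

With the sample readings the three consecutive "High" point states at 60, 120 and 180 seconds are interpolated into one Camera_Usage=High interval of 120 seconds, which lies inside the Many_Apps_With_Camera_Permission context and therefore raises Camera_Abuse; if the permission count stays below the threshold no context is formed, no state is abstracted and no alert is produced, which is how the context gates the abstraction in the scenario.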

  9. KBTA-Processor - Main Classes
     (class diagram; classes shown:)
     • KBTA-Processor: Service, Ontology, Instance Container, Primitive, Event, Context, Trend, State, Pattern, Threat Assessor, Threat Assessment
     • External components: Agent, NetProtect, NetProtect Control Center, Threat Weighting Unit

  10. Overview of User Interface
      (screenshots: Main screen, Settings screen, Alert screen)

  11. Overview of User Interface
      (screenshots: Alert description, Alert handled)

  12. Task List
      • KBTA
        - Context Destructions: 19/05/09 - 21/05/09
        - Trend: 21/05/09 - 25/05/09
        - Pattern: 25/04/09 - 01/06/09
      • Settings Screen: 01/06/09 - 06/06/09
      • Sending elements to NetProtect: 06/06/09 - 08/06/09
      • Testing: 08/06/09 - 23/06/09

  13. End
      Questions?
