1 / 20

brie/brian/netga/

http://brie.com/brian/netga/. Who am I?. Brian E. Lavender Computer Science Legislative Data Center (Work). SNORT Experience. Custom rules to identify attacks. SNORT Plugin. Disappeared!!!. S tatistical P acket A nomaly D etection E ngine. MS Project – What to do?. Artificial

zelenia-noel
Download Presentation

brie/brian/netga/

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. http://brie.com/brian/netga/

  2. Who am I? • Brian E. Lavender • Computer Science • Legislative Data Center (Work)

  3. SNORT Experience Custom rules to identify attacks

  4. SNORT Plugin. Disappeared!!! Statistical Packet Anomaly Detection Engine

  5. MS Project – What to do? Artificial Inteligence Network Security

  6. NetGA http://brie.com/brian/netga/ Genetic Algorithm Paper (Ren Hui Gong) Nprobe (Luca Deri) Integration and further development (Me!)

  7. How the Genetic Algorithm Works! Training Data

  8. Training Data

  9. Training Data Source DARPA http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1998data.html

  10. Training Data Make Rules that Match only attacks (Orange)!

  11. Individual Chromosome

  12. Individual Evolution

  13. Individual Elitism New Popluation Old Popluation Clone Two best of each attack Type

  14. Individual Crossover. Making Children

  15. Individual Mutation Only happens on rare occasions

  16. Individuals Start! 00,-1,-1 exec 00043517 00000079 192.168.001.040 010.168.000.020 guess Fitness 0.0000 00,-1,02 ftp 00001847 00001021 192.168.001.030 192.168.000.020 guess Fitness 0.0000 00,-1,-1 exec 00043517 00000079 192.168.001.040 010.168.000.020 guess Fitness 0.0000 00,-1,02 ftp 00001847 00001021 192.168.001.030 192.168.000.020 guess Fitness 0.0000 00,01,42 ftp 00043538 00000513 192.168.000.030 010.168.000.020 rcp Fitness 0.0000 00,01,23 rlogin 00001769 00000512 192.168.000.040 010.168.000.020 rcp Fitness 0.0000 00,01,57 smtp -0000001 00000512 192.-01.000.030 010.168.000.-01 port-scan fitness 0.0000

  17. Individuals Finish! 00,00,14 rlogin -0000001 00000513 192.168.001.030 192.168.000.020 rsh fitness is 0.8031 00,00,14 rlogin -0000001 00000513 192.168.001.030 192.168.000.020 rsh fitness is 0.8031 00,00,04 rlogin -0000001 -0000001 192.168.001.030 192.168.000.020 port-scan fitness is 0.8031 00,-1,23 telnet -0000001 00000023 192.168.001.030 192.168.000.020 guess fitness is 0.8063 00,-1,05 -0001-0000001-0000001 192.168.001.030 192.168.000.020 port-scan fitness is 0.8063 -1,-1,05 -0001-0000001-0000001 192.168.001.030 192.168.000.020 port-scan fitness is 0.8063 00,-1,23 telnet -0000001 00000023 192.168.001.030 192.168.000.020 guess fitness is 0.8063

  18. nProbe Layout NetGA Plugin matches connection pool In nProbe.

  19. nProbe code Development and Testing Dummy Interface # modprobe dummy0 # ifconfig dummy0 0.0.0.0 TCP Replay # tcpreplay -i dummy0 sample_data01.tcpdump Run nProbe # nprobe -i dummy0 –netGA=<netga.conf> <other options>

  20. NetGA http://brie.com/brian/netga/ Isaac Newton

More Related