Machine Learning in Intrusion Detection Systems IDS - PowerPoint PPT Presentation

About This Presentation
Title:

Machine Learning in Intrusion Detection Systems IDS

Description:

AI methods are used to help solve some issues. For data classification: Classifier systems ... Using GP for learning. Instead of a monolithic static 'knowledge base' ... – PowerPoint PPT presentation

Number of Views: 190
Avg rating:3.0/5.0
Slides: 26
Provided by: Only1

Transcript and Presenter's Notes

1
Machine Learning in Intrusion Detection Systems
(IDS)
2
2 papers
  • Artificial Intelligence and Intrusion Detection: Current and Future
    Directions (AIID), by J. Frank
  • Applying Genetic Programming to Intrusion Detection (GP), by
    M. Crosbie and G. Spafford

3
AIID
  • What is intrusion detection?
  • What are the issues in Intrusion Detection?
    • Data collection
    • Data reduction
    • Behavior classification
    • Reporting
    • Response

4
AIID
  • AI methods are used to help solve some issues
  • For data classification:
    • Classifier systems
    • Neural Network
    • Decision Tree
    • Feature Selection

5
AIID
  • Data Reduction:
    • Data Filtering
    • Feature Selection
    • Data Clustering

6
AIID
  • Behavior Classification:
    • Expert Systems
    • Anomaly Detection
    • Rule-Based Induction

7
AIID
  • An experiment using Feature Selection
  • Data: information about network connections, collected with a
    Network Security Monitor

8
AIID
  • 3 search algorithms used:
    • Backward Sequential Search (BSS)
    • Beam Search (BS)
    • Random Generation Plus Sequential Selection (RS)

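Backward Sequential Search is the simplest of the three searches above, and the following example shows how it runs: start with every feature, score each subset by a classifier's error rate, and keep dropping the feature whose removal hurts least until any removal would raise the error. This is added example code, not code from Frank's paper; the eight connection records, the feature names (conn_rate, avg_pkt_size, audit_seq_no), their labels, and the choice of a leave-one-out 1-nearest-neighbour classifier with Manhattan distance as the scoring function are all assumptions made here for illustration.

```python
"""Backward Sequential Search (BSS) for feature selection, scored by the
leave-one-out error rate of a 1-nearest-neighbour classifier.
Added example; not code from Frank's paper. The eight connection records,
their feature names and labels are constructed for illustration."""

# Constructed audit records: feature values per connection, label 1 = intrusion.
# conn_rate and avg_pkt_size separate the classes only jointly; audit_seq_no is
# a record counter that carries no signal but dominates the distances.
FEATURES = ["conn_rate", "avg_pkt_size", "audit_seq_no"]
RECORDS = [
    ({"conn_rate": 1.0, "avg_pkt_size": 1.0, "audit_seq_no": 0.0}, 0),
    ({"conn_rate": 2.0, "avg_pkt_size": 2.0, "audit_seq_no": 100.0}, 0),
    ({"conn_rate": 8.0, "avg_pkt_size": 8.0, "audit_seq_no": 200.0}, 0),
    ({"conn_rate": 9.0, "avg_pkt_size": 9.0, "audit_seq_no": 300.0}, 0),
    ({"conn_rate": 1.5, "avg_pkt_size": 9.0, "audit_seq_no": 3.0}, 1),
    ({"conn_rate": 2.5, "avg_pkt_size": 8.0, "audit_seq_no": 103.0}, 1),
    ({"conn_rate": 8.5, "avg_pkt_size": 2.0, "audit_seq_no": 203.0}, 1),
    ({"conn_rate": 9.5, "avg_pkt_size": 1.0, "audit_seq_no": 303.0}, 1),
]


def manhattan(x, y, subset):
    """L1 distance between two records over the chosen features only."""
    return sum(abs(x[f] - y[f]) for f in subset)


def loo_error_rate(records, subset):
    """Leave-one-out error of a 1-NN classifier restricted to `subset`.
    Each record is classified by its nearest *other* record; distance ties
    are broken by record order so the result is deterministic."""
    if not subset:
        return 1.0
    errors = 0
    for i, (x, label) in enumerate(records):
        _, j = min((manhattan(x, y, subset), j)
                   for j, (y, _) in enumerate(records) if j != i)
        if records[j][1] != label:
            errors += 1
    return errors / len(records)


def backward_sequential_search(records, features):
    """Start from the full feature set and drop one feature per step: score
    every single-feature removal, keep the one with the lowest error, and
    stop as soon as the best removal would raise the error rate.
    Returns (selected features, their error rate, search history)."""
    current = list(features)
    current_err = loo_error_rate(records, current)
    history = [(tuple(current), current_err)]
    while len(current) > 1:
        trials = [[g for g in current if g != f] for f in current]
        scored = [(loo_error_rate(records, t), t) for t in trials]
        best_err, best_subset = min(scored, key=lambda s: s[0])
        if best_err > current_err:
            break
        current, current_err = best_subset, best_err
        history.append((tuple(current), current_err))
    return current, current_err, history


if __name__ == "__main__":
    selected, err, history = backward_sequential_search(RECORDS, FEATURES)
    for subset, e in history:
        print(f"{sorted(subset)}: error rate {e:.2f}")
    print("selected:", sorted(selected), "error:", err)
```

On this data the full set misclassifies every record because audit_seq_no pairs each normal connection with the nearest intrusion, the first step drops it (error falls to 0), and the second step stops because dropping either remaining feature pushes the error back to 1. Beam Search and Random Generation Plus Sequential Selection would reuse loo_error_rate unchanged and differ only in which candidate subsets they explore.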
9
AIID
  • Algorithm performance

10
AIID
  • Error Rate Performance (All)

[Chart: error rate by feature subset, all connections; best subsets shown:
T, PD, DS and I, W, T, PS, PD, DS]
11
AIID
  • Error Rate Performance (SMTP)

[Chart: error rate by feature subset, SMTP; best subset shown:
W, T, PS, PD, DS]
12
AIID
  • Error Rate Performance (Login)

[Chart: error rate by feature subset, Login; best subsets shown:
T, PD, DS (RGSS) and W, T, PS, PD]
13
AIID
  • Error Rate Performance (Shell)

[Chart: error rate by feature subset, Shell; best subsets shown:
W, T, PS, DS (RS) and W, PS, PD, DS (BS, BSS)]
14
GP (Applying Genetic Programming to Intrusion
Detection)
  • An IDS that exploits the learning power of
    Genetic Programming
  • Two types of security tools:
    • Pro-active
    • Reactive (IDS falls in this category)

15
GP
  • Components in an IDS
    • Anomaly: may indicate a possible intrusion
    • So how do we know for sure?
      • Expert-system: rule-set model
      • Metrics: comparing-metrics model
  • But: if a new intrusion scenario arises, modifying the
    IDS is complicated

16
GP
  • A finer-grained approach
  • IDS gets split into multiple Autonomous Agents

17
GP
18
GP
  • Using GP for learning
    • Instead of a monolithic static knowledge base, the GP
      paradigm allows evolution of agents that could be placed
      in a system to monitor audit data
  • GP programs
    • are in a simple meta-language
    • have primitives that access audit data fields and
      manipulate them

19
GP
  • Internal agent architecture

20
GP
  • Learning by feedback
  • What do the agents monitor?
    • Inter-packet timing metrics: total number of socket
      connections, average time between socket connections,
      minimum time between socket connections, maximum time
      between socket connections, destination port, source port
  • Potential intrusions looked for: port flooding, port-walking,
    probing, password cracking

21
GP
  • Δ = |outcome − suspicion|
  • Penalty = Δ × ranking / 100
  • Fitness = (100 − Δ) − penalty

22
GP
  • Multiple types: time (long int), port (int), boolean,
    suspicion (int)
  • Problems with multiple types
  • ADF solution to type safety (ADF = Automatically Defined
    Function)
    • To monitor network timing: avg_interconn_time,
      min_interconn_time, max_interconn_time
    • For port monitoring: src_port, dest_port
    • For privileged port checking: is_priv_dest_port,
      is_priv_src_port

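Slides 18 to 22 describe agents written in a small typed meta-language whose primitives read audit-data fields, and a fitness rule that feeds back how far an agent's suspicion was from the known outcome. The following example, added here and not Crosbie & Spafford's code, puts those pieces together: it derives the timing and port primitives named on slide 22 from a connection trace, typechecks and interprets an agent tree (the type check is what the "problems with multiple types" bullet calls for), and scores the agent with the slide 21 fitness rule. The two traces are constructed, AGENT is hand-written in place of a tree that GP would evolve, and the operator set (time_lt, int_gt, and, if_susp) and the "const" node form are assumptions of this example.

```python
"""A small typed meta-language for GP-style monitoring agents, the audit-data
primitives named on slide 22, and the fitness rule from slide 21.
Added example; not Crosbie & Spafford's code. The two connection traces are
constructed, AGENT is a hand-written tree standing in for one that GP would
evolve, and the operator set is an assumption of this example."""
from statistics import mean

PRIV_PORT_LIMIT = 1024  # ports below this are privileged by convention

# Constructed audit traces: (timestamp in microseconds, src_port, dest_port).
FLOOD_TRACE = [(1_000 * i, 40_000 + i, 23) for i in range(20)]       # 1 ms apart, to telnet
NORMAL_TRACE = [(5_000_000 * i, 50_000 + i, 443) for i in range(4)]  # 5 s apart, to https


def audit_metrics(trace):
    """Derive the timing and port primitives from a trace. Times are ints
    (microseconds), ports ints, privilege checks bools: the slide's types."""
    if not trace:
        raise ValueError("empty trace")
    gaps = [later[0] - earlier[0] for earlier, later in zip(trace, trace[1:])]
    _, src_port, dest_port = trace[-1]
    return {
        "total_conns": len(trace),
        "avg_interconn_time": int(mean(gaps)) if gaps else 0,
        "min_interconn_time": min(gaps) if gaps else 0,
        "max_interconn_time": max(gaps) if gaps else 0,
        "src_port": src_port,
        "dest_port": dest_port,
        "is_priv_src_port": src_port < PRIV_PORT_LIMIT,
        "is_priv_dest_port": dest_port < PRIV_PORT_LIMIT,
    }


# Types of the primitives, and of each operator: (return type, argument types, impl).
PRIMITIVE_TYPES = {
    "total_conns": "int", "avg_interconn_time": "time", "min_interconn_time": "time",
    "max_interconn_time": "time", "src_port": "port", "dest_port": "port",
    "is_priv_src_port": "bool", "is_priv_dest_port": "bool",
}
OPERATORS = {
    "time_lt": ("bool", ("time", "time"), lambda a, b: a < b),
    "int_gt": ("bool", ("int", "int"), lambda a, b: a > b),
    "and": ("bool", ("bool", "bool"), lambda a, b: a and b),
    "if_susp": ("suspicion", ("bool", "suspicion", "suspicion"),
                lambda c, a, b: a if c else b),
}


def typecheck(node):
    """Return the type a tree node produces, raising TypeError on a mismatch.
    A bare string is a primitive; constants are ("const", type, value)."""
    if isinstance(node, str):
        return PRIMITIVE_TYPES[node]
    if node[0] == "const":
        return node[1]
    op, *args = node
    ret, arg_types, _ = OPERATORS[op]
    if len(args) != len(arg_types):
        raise TypeError(f"{op} expects {len(arg_types)} arguments")
    for arg, expected in zip(args, arg_types):
        got = typecheck(arg)
        if got != expected:
            raise TypeError(f"{op}: expected {expected}, got {got}")
    return ret


def is_well_typed(agent):
    """True when the tree typechecks and yields a suspicion value."""
    try:
        return typecheck(agent) == "suspicion"
    except (TypeError, KeyError):
        return False


def evaluate(node, metrics):
    """Interpret a typechecked tree against the metrics of one trace."""
    if isinstance(node, str):
        return metrics[node]
    if node[0] == "const":
        return node[2]
    op, *args = node
    return OPERATORS[op][2](*(evaluate(a, metrics) for a in args))


# Hand-written agent: many connections, short gaps, privileged destination -> suspicious.
AGENT = ("if_susp",
         ("and", ("int_gt", "total_conns", ("const", "int", 10)),
                 ("and", ("time_lt", "avg_interconn_time", ("const", "time", 10_000)),
                         "is_priv_dest_port")),
         ("const", "suspicion", 90),
         ("const", "suspicion", 10))

# Ill-typed tree: compares a port with a time, which the checker rejects.
BAD_AGENT = ("if_susp", ("time_lt", "src_port", ("const", "time", 0)),
             ("const", "suspicion", 90), ("const", "suspicion", 10))


def run_agent(agent, trace):
    """Typecheck the agent, then return its suspicion (0..100) for the trace."""
    if not is_well_typed(agent):
        raise TypeError("agent does not typecheck to a suspicion value")
    return evaluate(agent, audit_metrics(trace))


def fitness(suspicion, outcome, ranking):
    """Slide 21's feedback rule: delta = |outcome - suspicion|,
    penalty = delta * ranking / 100, fitness = (100 - delta) - penalty."""
    delta = abs(outcome - suspicion)
    penalty = delta * ranking / 100
    return (100 - delta) - penalty


if __name__ == "__main__":
    for name, trace, outcome in (("flood", FLOOD_TRACE, 100), ("normal", NORMAL_TRACE, 0)):
        s = run_agent(AGENT, trace)
        print(f"{name}: suspicion={s} fitness={fitness(s, outcome, ranking=50)}")
    print("BAD_AGENT well typed?", is_well_typed(BAD_AGENT))
```

The fitness call is the feedback loop of slide 20: the outcome is the known verdict for a training scenario and ranking is its severity, so an agent that reports suspicion 90 for a flood whose outcome is 100 scores (100 − 10) − 10·50/100 = 85, and the same shortfall on a high-ranked scenario costs more. The typechecker is what keeps a tree like BAD_AGENT, which compares a port with a time, from ever being evaluated; in a real GP run the same check would be applied to every tree produced by crossover or mutation before it is scored.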
23
GP
  • Experimental results

24
That's it!!!
25
Too old a research idea: did not find any
current research in the same field