Computer Account Hijacking Detection Using a Neural Network
Nick Pongratz
Math 340
Neural Networks
- Example Simple Network -
[!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html
Neural Networks
- Backpropagation -
[!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html
Computer Security
Introduction
• General computer use is skyrocketing.
• Growing reliance on networks.
• Greater need to “keep the bad guys out.”
Computer Security
Introduction
• Reactive Security
• Proactive Security
Computer Security
Introduction
- Reactive Security -
• Break-in already occurred or is occurring.
• Minimize/repair damage already done.
• Patch the system against further similar attacks.
Computer Security
Introduction
- Reactive Security -
• Current applications:
Most virus scanners
Misuse detection
Most Intrusion Detection Systems
Computer Security
Introduction
- Proactive Security -
• Strong passwords and correct permissions.
• Secure software and operating systems.
• Find system insecurities before bad guys do.
• Physical security.
• Self-adapting, smart systems.
Computer Security
Introduction
- Proactive Security -
• Current applications:
Self-assessment
Some virus scanners – heuristics
Anomaly detection
Intrusion Detection Systems
- General Info -
• Most are reactive.
• Detect strange behavior.
• Analyze user I/O, network I/O, processes.
• Look for misuse and anomalies.
Intrusion Detection Systems
- Misuse Detection -
• Compare activity with “signatures” of known attacks.
• Signatures typically hand-coded.
• Good for known attacks.
• Bad for previously unknown attacks.
Intrusion Detection Systems
- Anomaly Detection -
• Compare activity with typical activity
• “Fingerprints”
• Adaptive
• Good for detecting unusual behavior.
• Not great for realtime monitoring.
MY PROJECT:
Neural Network Anomaly Detection System
Neural Network Anomaly Detection System
• Currently analyses user behavior
• Checks against fingerprints
• Extendable
• Adaptive
• Semi-hybrid: Mostly reactive, has proactive elements
Neural Network Anomaly Detection System
- Neural Net Technical Details -
• Currently implemented in MATLAB.
• Object-oriented.
• Uses a feedforward backpropagation neural network.
• Input: vector of command-use frequency.
• Output: vector of true/false guesses of the corresponding users.
Neural Network Anomaly Detection System
- System Details -
1. Sysadmin runs logs through trained network.
2. System reports the status of the results.
3. Admin (or an automation system) acts on report.
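The two slides above give the network's input (a command-use frequency vector), its output (one true/false guess per user) and the workflow of running logs through the trained network. As an added example, not the presenter's MATLAB code, here is a small Python sketch of that design; the command list, user names, session counts, hidden-layer size and 0.5 threshold are all constructed assumptions.

```python
import math, random
COMMANDS = ["ls", "cd", "vi", "gcc", "mail", "su"]   # constructed command vocabulary
USERS = ["alice", "bob", "carol"]                     # constructed accounts
# Constructed per-user command counts for a typical session (the "fingerprints").
PROFILES = {"alice": [10, 8, 40, 35, 5, 2], "bob": [30, 10, 5, 0, 50, 5], "carol": [15, 35, 10, 2, 3, 35]}

def frequencies(counts):  # raw command counts -> command-use frequency vector
    total = float(sum(counts)) or 1.0
    return [c / total for c in counts]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

class Net:  # one-hidden-layer feedforward network trained by backpropagation
    def __init__(self, n_in, n_hid, n_out, rng):
        self.w1 = [[rng.uniform(-1, 1) for _ in range(n_in + 1)] for _ in range(n_hid)]   # last weight = bias
        self.w2 = [[rng.uniform(-1, 1) for _ in range(n_hid + 1)] for _ in range(n_out)]
    def forward(self, x):
        h = [sigmoid(sum(w * v for w, v in zip(row, x + [1.0]))) for row in self.w1]
        o = [sigmoid(sum(w * v for w, v in zip(row, h + [1.0]))) for row in self.w2]
        return h, o
    def train(self, x, target, lr=0.5):
        h, o = self.forward(x)
        d_out = [ok - t for ok, t in zip(o, target)]   # output error (cross-entropy loss)
        d_hid = [hj * (1 - hj) * sum(d_out[k] * self.w2[k][j] for k in range(len(o)))
                 for j, hj in enumerate(h)]            # error propagated back to hidden layer
        for k, row in enumerate(self.w2):
            for j, v in enumerate(h + [1.0]):
                row[j] -= lr * d_out[k] * v
        for j, row in enumerate(self.w1):
            for i, v in enumerate(x + [1.0]):
                row[i] -= lr * d_hid[j] * v

def build_detector(seed=340, epochs=3000):
    rng, data = random.Random(seed), []
    for idx, user in enumerate(USERS):
        for _ in range(5):   # five jittered, known-legitimate sessions per user
            counts = [max(0, c + rng.randint(-3, 3)) for c in PROFILES[user]]
            data.append((frequencies(counts), [1.0 if k == idx else 0.0 for k in range(len(USERS))]))
    net = Net(len(COMMANDS), 5, len(USERS), rng)
    for _ in range(epochs):
        rng.shuffle(data)
        for x, t in data:
            net.train(x, t)
    return net

def is_anomalous(net, claimed_user, counts, threshold=0.5):
    # Flag a session whose command mix the network does not attribute to the account owner.
    _, out = net.forward(frequencies(counts))
    return out[USERS.index(claimed_user)] < threshold
```

A session logged under alice's account but dominated by `su` and `cd` is flagged, while her usual `vi`/`gcc` mix is not. The training sessions must come from known-legitimate use, as the Cons slide notes.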
Neural Network Anomaly Detection System
- Pros and Cons -
• Pros:
Accurate
Extendable
Adjusts
• Cons:
After-the-fact (not realtime)
Training data MUST be legitimate
Training can take a while
One part of complete security system
Neural Network Anomaly Detection System
- Future Directions -
• Extend to network communication.
• Extend to running processes.
• Include progression information in training.
• Realtime (?)
• Automatic response automation (?)
Any Questions, Comments, Protests, a Summer Job For Me?
Thank You!
Nick Pongratz
http://www.cs.wisc.edu/~nicholau/