a framework for distributed intrusion detection using
play

A Framework for Distributed Intrusion Detection using - PowerPoint PPT Presentation

Dec 27, 2023 •200 likes •387 views

A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev Gopalakrishna and Eugene H. Spafford Distributed IDS a system where the analysis of the data is performed on a number of locations

  1. A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev Gopalakrishna and Eugene H. Spafford

  2. Distributed IDS “a system where the analysis of the data is performed on a number of locations proportional to the number of hosts that are being monitored” – Spafford and Zamboni CERIAS, Purdue University 2

  3. Distributed Communication Models Event-based model Push-based model • Any entity may produce, • Specific producers and any entity may consume consumers events • Asymmetric roles • Symmetric roles • Logical channels • Loosely connected • Tighter coupling • Higher scalability • Less scalable • Event advertisement, interest specification and event notification CERIAS, Purdue University 3

  4. Motivation • Concept of agents to perform intrusion detection • Event-based communication model • Concept of interest propagation CERIAS, Purdue University 4

  5. Generic Hierarchical Intrusion Detection Systems Refined Data Event Generator and/or 5 Event Analyzer

  6. Examples • DIDS • GrIDS • EMERALD • AAFID CERIAS, Purdue University 6

  7. Drawbacks • Analysis hierarchy • Data refinement • Bulky modules at all levels of hierarchy • Passive interaction CERIAS, Purdue University 7

  8. Related Work • Crosbie and Spafford • Barrus and Rowe • Ingram • Mell and McLarnon • CARDS CERIAS, Purdue University 8

  9. Our Approach • Agents • No analysis hierarchy • Intelligent cooperation using the concept of interests • Interest propagation • Active communication • Lightweight modules at all levels of hierarchy CERIAS, Purdue University 9

  10. Interest “a specification of data that an agent is interested in, but is not available to the agent because of the locality of data collection or because the agent was not primarily intended to observe those data” DATA DATA AGENT A AGENT B AGENT A AGENT B INTEREST INTEREST DATA DATA MORE OVERHEAD DATA DATA SOURCE SOURCE NOT ACCESSIBLE CERIAS, Purdue University 10

  11. Interest Propagation LEGEND Domain Agent Propagator Local Enterprise 11 Propagator Propagator

  12. Types of Interests • Directed or Propagated Interests • Local, Domain or Enterprise Level Interests • Permanent or Temporal Interests CERIAS, Purdue University 12

  13. Granularity of Interests • Event vs. Alert • Curiosity level • Adds dynamism to agents • Reduces overhead CERIAS, Purdue University 13

  14. Data Delivery Hierarchical delivery Direct delivery • Failure of modules • Scalability • Data Coalescing CERIAS, Purdue University 14

  15. Host IR - Interest Registry IR AR - Agent Registry AR CERIAS, Purdue University 15

  16. Other Considerations • Security of Agents • Clock Synchronization • Redundancy of Propagators CERIAS, Purdue University 16

  17. Future Work • Implementation of the framework • Explore alternatives for implementing the interest mechanism • Impact on size of agents and on host and network performance CERIAS, Purdue University 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

ITS335 Intrusion Detection Intruders Intrusion Detection Host-Based Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots Summary Sirindhorn International Institute of Technology Thammasat University

584 views • 30 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley June 6, 2016

928 views • 46 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in written report form, as a text, pdf, or Word document

504 views • 21 slides
Anomaly Based Intrusion Detection in Distributed Applications without global clock Eric Totel,

Anomaly Based Intrusion Detection in Distributed Applications without global clock Eric Totel,

Anomaly Based Intrusion Detection in Distributed Applications without global clock Eric Totel, Mouna Hkimi, Michel Hurfin, Mourad Leslous, Yvan Labiche SEC2-2016 5 July 2016 Outline of the Presentation Position of the problem Building

374 views • 26 slides
Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy Chapter 13 Using Rules and Thresholds for

297 views • 7 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen

Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen

Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen January 19, 2018 Introduction The smart-grid can be viewed as a Large-Scale Networked Control System (LSNCS). LSNCS components such as controllers,

650 views • 18 slides
Motivation: MSA Motivation: MSA Current attacks to distributed systems involve multiple steps

Motivation: MSA Motivation: MSA Current attacks to distributed systems involve multiple steps

Secure Configuration of Intrusion Detection Secure Configuration of Intrusion Detection Sensors for Changing Enterprise Systems Gaspar Modelo-Howard, Jevin Sweval, Saurabh Bagchi Presented by Amiya Kumar Maji Dependable Computing Systems Lab

611 views • 12 slides
Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion Detection Systems Detect malicious Raise alarms activities/attacks Alert administrators Hacking/ unauthorized access Trigger defense

217 views • 21 slides
A Dynamic Programming-based MCMC Framework for Solving DCOPs with GPUs Ferdinando Fioretto 1(2)

A Dynamic Programming-based MCMC Framework for Solving DCOPs with GPUs Ferdinando Fioretto 1(2)

A Dynamic Programming-based MCMC Framework for Solving DCOPs with GPUs Ferdinando Fioretto 1(2) (joint work with) William Yeoh 2 and Enrico Pontelli 2 1 University of Michigan 2 New Mexico State University CP 2016, Toulouse Introduction GPUs

796 views • 27 slides
Energy-efficient Delivery by Heterogeneous Mobile Agents Andreas B artschi J er emie

Energy-efficient Delivery by Heterogeneous Mobile Agents Andreas B artschi J er emie

Energy-efficient Delivery by Heterogeneous Mobile Agents Andreas B artschi J er emie Chalopin, Shantanu Das, Yann Disser, Daniel Graf, Jan Hackfeld, Paolo Penna Department of Computer Science Motivation / Toy model 7 /100 km 6

535 views • 50 slides
A Multi-Agent Prediction Market based on Raj Dasgupta Partially Observable Stochastic Game

A Multi-Agent Prediction Market based on Raj Dasgupta Partially Observable Stochastic Game

A Multi-Agent Prediction Market based on Partially Observable Stochastic Game Janyl Jumadinova, A Multi-Agent Prediction Market based on Raj Dasgupta Partially Observable Stochastic Game Outline Introduction Research Problem POSGI Janyl

753 views • 46 slides
Optimal p Sequential Resource Sharing and Exchange i in Multi Agent Systems l i S Yuanzhang

Optimal p Sequential Resource Sharing and Exchange i in Multi Agent Systems l i S Yuanzhang

Optimal p Sequential Resource Sharing and Exchange i in Multi Agent Systems l i S Yuanzhang Xiao Advisor: Prof. Mihaela van der Schaar Electrical Engineering Department UCLA Electrical Engineering Department, UCLA Ph.D. defense, March 3,

892 views • 61 slides
3. Agent-Oriented Methodologies Part 2: D) ems Design (MASD The PROMETHEUS The PROMETHEUS

3. Agent-Oriented Methodologies Part 2: D) ems Design (MASD The PROMETHEUS The PROMETHEUS

3. Agent-Oriented Methodologies Part 2: D) ems Design (MASD The PROMETHEUS The PROMETHEUS methodology. Javier Vzquez-Salceda q Multiagent Syste MASD https://kemlg.upc.edu Methodological Extensions to Object-Oriented Approaches A

310 views • 20 slides
1 Solutions: Solutions: The delivery men (II) The delivery men (III) Hiding a delivery:

1 Solutions: Solutions: The delivery men (II) The delivery men (III) Hiding a delivery:

Example 3: Combinatorical auctions Example 3: Combinatorical auctions and false agents (I) and false agents (II) In a combinatorical auction, agents do not bid on single As seen earlier, one of the goals in auctions is incentive items, but on

320 views • 3 slides
Planning Agents Chapter Overview planning problems from problem solving to planning

Planning Agents Chapter Overview planning problems from problem solving to planning

CPE/CSC 580-S06 Artificial Intelligence Intelligent Agents Planning Agents Chapter Overview planning problems from problem solving to planning representations for planning problems states, goals, actions, plans partial-order planning

640 views • 41 slides
Consumer Outreach October 18, 2018 Centers for Medicare & Medicaid Services (CMS) Center

Consumer Outreach October 18, 2018 Centers for Medicare & Medicaid Services (CMS) Center

Consumer Outreach October 18, 2018 Centers for Medicare & Medicaid Services (CMS) Center for Consumer Information & Insurance Oversight (CCIIO) Disclaimer The information provided in this presentation is intended only as a general

864 views • 50 slides

More recommend