anomaly detection on user agents
play

Anomaly Detection on User-agents Peter van Bolhuis Overview - PowerPoint PPT Presentation

Mar 04, 2023 •410 likes •574 views

Anomaly Detection on User-agents Peter van Bolhuis Overview Introduction Research Question User-agents Scoring host anomalies Verification Conclusion Anomaly Detection on User-agents 2 Introduction Methods

  1. Anomaly Detection on User-agents Peter van Bolhuis

  2. Overview ● Introduction ● Research Question ● User-agents ● Scoring host anomalies ● Verification ● Conclusion Anomaly Detection on User-agents 2

  3. Introduction ● Methods – Statistical – Knowledge based – Machine learning Anomaly Detection on User-agents 3

  4. Research Question What is the effectiveness of statistical anomaly detection when applied to user-agent strings? Anomaly Detection on User-agents 4

  5. User-agents ● Programs that “ act on behalf of a user ” ● Identify themselves with a string – Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; eSobiSubscriber 2.0.4.16; BRI/1; MAAR; .NET4.0C; AskTbORJ/5.15.9.29495; .NET4.0E; BRI/2) Funshion/1.0.0.1 Anomaly Detection on User-agents 5

  6. User-agents (2) ● Problem: – Mozilla/4.0 (compatible; version 1.33.7) – Mozilla/4.0 (compatible; version 1.33.8) – Dalvik/1.4.2 (AskTbORJ/5.15.9.29495) Anomaly Detection on User-agents 6

  7. User-agents (3) ● Splitting on elements – Mozilla/4.0 – Dalvik/1.4.2 – Compatible – Version Anomaly Detection on User-agents 7

  8. Anomaly Detection on User-agents 8

  9. Anomaly Detection on User-agents 9

  10. Scoring host anomalies ● Elements with the lowest n occurrences give a host a +1 User-agent element #Occurrences Increases score Mozilla/4.0 100 No AppleWebKit/537.36 20 No Dalvik/1.4.0 10 Yes AppWorld/5.0 2 Yes Q10/10.2.1.3175 2 Yes zh-cn 2 Yes 4012FREE 1 Yes Table for n = 3 Anomaly Detection on User-agents 10

  11. Scoring host anomalies (2) Score Hosts (with score > 1) Anomaly Detection on User-agents 11

  12. Verification Host Score Result of verification A 299 Host was a phone: Compliance incident B 64 Host infected with Conduit Browser Hijacker C 157 Host was a proxy D 353 Host was a proxy Anomaly Detection on User-agents 12

  13. Conclusion ● User-agent strings can be used for anomaly detection – Best results on uniform networks – Anomalies are not necessarily infections, but rather installed software packages Anomaly Detection on User-agents 13

  14. Demo Anomaly Detection on User-agents 14

  15. Thank you Anomaly Detection on User-agents 15

  16. Anomaly Detection on User-agents 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection Jiong Zhang and Mohammad Zulkernine School of Computing Queens University, Kingston Ontario, Canada K7L 3N6 {zhang, mzulker} @cs.queensu.ca Abstract- Anomaly

284 views • 6 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman.

Introduction Feature Extraction Entropy Calculation Anomaly detection Classification Open Issues On Entropy in Network Traffic Anomaly Detection Jayro Santiago-Paz, Deni Torres-Roman. Cinvestav, Campus Guadalajara, Mexico November 2015

690 views • 24 slides
ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter

ACCT 420: Topic modeling and anomaly detection Session 8 Dr. Richard M. Crowley 1 Front matter 2 . 1 Learning objectives Theory: NLP Anomaly detection Application: Understand annual report readability Examine the

1.12k views • 85 slides
An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate

An Evaluation of Effect of Packet Sampling on Anomaly Detection Method Takuya Motodate April 25, 2010 The 3rd CAIDA-WIDE-CASFI Joint Measurement Workshop @Osaka 1 2010 4 25 Background Anomaly Detection:

331 views • 20 slides
Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM

Anomaly Detection CAMCOS 2009 Introduction ADAPT Anomaly Detection with State Space Models Multi-dimensional State Space Models SVD Method EM Algorithm Kalman Filter Maja Derek, Kate Isaacs, Duncan McElfresh, Jennifer Alarm Murguia,

1.4k views • 96 slides
360 Unsupervised Anomaly-based Intrusion Detection Stefano Zanero , Ph.D. Stefano Zanero ,

360 Unsupervised Anomaly-based Intrusion Detection Stefano Zanero , Ph.D. Stefano Zanero ,

Politecnico di Milano Dip. Elettronica e Informazione Milano, Italy 360 Unsupervised Anomaly-based Intrusion Detection Stefano Zanero , Ph.D. Stefano Zanero , Ph.D. Post-doc Researcher, Politecnico di Milano CTO & Founder, Secure

522 views • 39 slides
Report for Waikato Medical Research Foundation June 2014

Report for Waikato Medical Research Foundation June 2014

Report for Waikato Medical Research Foundation June 2014 Review of erosive vulvovaginal lichen planus: Clinical presentation and impact on quality of life

206 views • 3 slides
Metrics Technical Advisory Workgroup June 22, 2017 PLEASE DO NOT PUT YOUR PHONE ON HOLD IT

Metrics Technical Advisory Workgroup June 22, 2017 PLEASE DO NOT PUT YOUR PHONE ON HOLD IT

Metrics Technical Advisory Workgroup June 22, 2017 PLEASE DO NOT PUT YOUR PHONE ON HOLD IT IS BETTER IF YOU DROP OFF THE CALL AND REJOIN IF NEEDED 1 Todays Agenda Updates Benchmarking Model TAG July M&S Recommendations

673 views • 39 slides
Data Science 101 Arik Pelkey Pentaho Senior Director Product Marketing, Hitachi Vantara

Data Science 101 Arik Pelkey Pentaho Senior Director Product Marketing, Hitachi Vantara

Data Science 101 Arik Pelkey Pentaho Senior Director Product Marketing, Hitachi Vantara Scott Cooley Pentaho Data Scientist, Hitachi Vantara Agenda This session will provide an introduction to data science fundamentals. What is Data

610 views • 23 slides
Robust and Unsupervised KPI Anomaly Detection Based on Conditional Variational Autoencoder Zeyan

Robust and Unsupervised KPI Anomaly Detection Based on Conditional Variational Autoencoder Zeyan

Robust and Unsupervised KPI Anomaly Detection Based on Conditional Variational Autoencoder Zeyan Li , Wenxiao Chen, Dan Pei Department of Computer Science and Technology Tsinghua University November 18, 2018 1/37 Table of Contents 1 Background

573 views • 41 slides
Presentation and Summary Paper How to ISMLL Eya Boumaiza Eya Boumaiza, ISMLL Hildesheim,

Presentation and Summary Paper How to ISMLL Eya Boumaiza Eya Boumaiza, ISMLL Hildesheim,

Presentation and Summary Paper How to Presentation and Summary Paper How to ISMLL Eya Boumaiza Eya Boumaiza, ISMLL Hildesheim, October 2019 1 / 30 Presentation and Summary Paper How to Outline Presentation How To Generic Recommendation for

778 views • 30 slides
is embracing AI and Machine Learning Dean Clayton, SMAX Product Manager Max, SMAX Virtual Agent

is embracing AI and Machine Learning Dean Clayton, SMAX Product Manager Max, SMAX Virtual Agent

Why Service Management is embracing AI and Machine Learning Dean Clayton, SMAX Product Manager Max, SMAX Virtual Agent 13 August 2019 The Face of AI OR Agenda Principles of AI and Machine Learning Research - Automation, AI, and Analytics:

445 views • 26 slides
Anomalous event detection from surveillance video Aggelos K. Katsaggelos Professor Joseph

Anomalous event detection from surveillance video Aggelos K. Katsaggelos Professor Joseph

Anomalous event detection from surveillance video Aggelos K. Katsaggelos Professor Joseph Cummings Chair Northwestern University Department of EECS Department of Linguistics NorthSide University Hospital System Argonne National Laboratory

478 views • 28 slides

More recommend