intrusion detection using monitor information fusion
play

Intrusion Detection Using Monitor Information Fusion Student: Atul - PowerPoint PPT Presentation

Dec 17, 2022 •37 likes •527 views

Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H. Sanders Previous Work [1] Intrusion detection by combining and clustering diverse monitor data System Logs Firewall Logs Feature extraction Cluster

  1. Intrusion Detection Using Monitor Information Fusion Student: Atul Bohara P.I.: William H. Sanders

  2. Previous Work [1] Intrusion detection by combining and clustering diverse monitor data System Logs Firewall Logs Feature extraction Cluster analysis Host-level and and selection and prioritization network-level context Intrusion Detection in Enterprise Systems by Combining and Clustering Diverse Monitor Data . Atul Bohara, Uttam Thakore, William H. Sanders. In Proceedings of the 2016 Symposium and Bootcamp on the Science of Security (HotSoS '16)

  3. Previous Work [2] Lateral movement detection using distributed data fusion Cluster1 ▷ C4 Cluster2 ▷ C6 C5 ▷ C6 C4 ▷ C5 C2 ▷ C3 Entry Point C1 ▷ C2 C3 ▷ C4 Host 4 Target Host Host 2 Host 5 Host 3 Host 1 4 2 C1 C5 6 C3 C4 C2 C6 5 1 3 Lateral Movement Detection Using Distributed Data Fusion. Ahmed Fawaz, Atul Bohara, Carmen Cheh, William H. Sanders. 3 In Proceedings of 35th Symposium on Reliable Distributed Systems (SRDS 2016).

  4. Ongoing Work Proactive detection of advanced attacks through fusion Initial Establish Lateral Identify Actions on Recon Entry C&C Movement Targets Target • Hypothesis: events observed in the system, as a result of a multi-stage attack, are correlated. By combining the evidences of different attack stages, we can increase the confidence in the detection of overall attack • E.g., Fuse the evidence of C&C and lateral movement to detect and prevent a possible data exfiltration attack • Data-driven modelling of attack and defense (system)

  5. Air Force Research Laboratory Chris Cai PI: Professor Roy Campbell Integrity  Service  Excellence 1

  6. CRONets: Cloud-Routed Overlay Networks • We aim to understand what level of performance improvement can a user expect to get from leveraging public cloud service to build overlay network, as opposed from other resource providers like ISPs. • Performance metrics can include throughput, latency, loss rate, etc, corresponding to particular demands of different applications. • Questions to answer: • Can CRONets provide similar improvements compared to the previous experimental studies, but in a realistic-cloud-setting? • How can emerging technologies simplify the overlay path selection problem? 2

  7. Measurement Testbed • We use PlanetLab nodes as clients and Eclipse mirros as servers. We use IBM Softlayer as cloud provider to provide overlay nodes. • Blue labels indicate locations of PlanetLab nodes. Red labels indicate locations of overlay nodes. 3

  8. Contributions • Our work will help large companies as well as individual users to best leverage the available commercial cloud network resources to meet their specific network requirement. • CRONets also has the potential to provide a robust fault- tolerant transmission layer to help application surviving network failures. • Our work will help cloud provider to better design their inter- datacenter transmission mechanism to be “CRONets-friendly”. 4

  9. UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN | ENGINEERING AT ILLINOIS | INFORMATION TRUST INSTITUTE Advisor: Professor Iyer, Professor Kalbarczyk KEYWHAN CHUNG

  10. UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN | ENGINEERING AT ILLINOIS | INFORMATION TRUST INSTITUTE Security as a Signaling Game • Continued work w/ Dr. Kamhoua & Dr. Kwiat at AFRL • An approach on modeling the decision making process for security under limited observation on the environment as a signaling game , and studying the effectiveness of the optimized decisions • Simulation results had shown: – That the signaling game can reason the decisions of the attacker – Worst case scenarios for the defender – Promising evaluation results compared to the common approach • Further steps: – Comparison with more advanced mitigation methods or other attack models – Deployment to a real system w/ real monitors and responses

  11. UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN | ENGINEERING AT ILLINOIS | INFORMATION TRUST INSTITUTE Attack on Computing Infrastructures through Targeted Alteration of ICS • A study on seeking the possibility of utilizing the relatively weak security of the ICS systems to attack a well hardened computing infrastructure that requires advanced environmental control • Studied the cooling system for Blue Waters – Campus / Building / Cooling cabinet level – Interdependency between the systems • Studied Blue Waters failures related to the cooling system – Three failure scenarios with possibility of the attacker replaying through alteration in the monitoring / control system • Further steps: – Formulation of the attack model – Mitigation methods (Bro IDS, etc.)

  12. Intel VT-x on QEMU Lavin Devnani

  13. PROJECT GOALS ▸ Extend QEMU (Quick Emulator) to emulate Intel VT-x instruction set ▸ Run a hypervisor + guest OS in emulated operating system ▸ Support future security and reliability projects

  15. Future Applications ▸ Taint analysis of VT-x ▸ Taint analysis + Symbolic execution ▸ Profiling existing hypervisors ▸ Prototyping new hypervisors ▸ Extension of VMX functionality

  16. Cloud Security Certifications: A Comparison to Improve Cloud Service Provider Security Carlo Di Giulio (cdigiul2@illinos.edu) 09/21/2016 Masooda Bashir (mn@illinois.edu)

  17. 5/22/2016 Previous Steps January 4 April 13 June 8 The project starts ACC Seminar First paper submission Goals: 3 Pillars: • Focus on the first • Security & Privacy in • Laws and Regulations and third pillar Cloud Environments • Cloud services • Security and privacy • Evaluation of cloud • Privacy and security certifications and vendors policies standards • Market trends • FedRAMP, ISO27001 2

  18. 5/22/2016 Contribution Evaluation of the impact and relevance of Privacy and Security certifications for Cloud Services Deeper understanding of vendors’ commitment in promoting information assurance Suggestion of improvements to current standards and guidelines

  19. 5/22/2016 Current Status, Accomplishments ISO27001:2005 and 2013 FedRAMP Moderate and High baseline (DoD Lev 2-4) AICPA SOC2 (TSPC 2014 and 2016) BSI Cloud Computing Compliance Control Criteria (C5) 4

  20. Secure Containers Konstantin Evchenko, Read Sprabery, Abhilash Raj*, Sibin Mohan, Rakesh Bobba*, Roy H. Campbell University of Illinois at Urbana-Champaign *Oregon State University

  21. Motivation • Container-based products become ubiquitous in cloud infrastructure • Several parties run their containerized applications in a shared environment • Enables cache-based side-channel attacks (e.g. Prime+Probe and Flush+Reload) These attacks can be used to retrieve fine-grained sensitive information • (e.g. cryptographic keys) • Both attacks have been effectively carried in PaaS and IaaS infrastructures, both in a lab and real world environments 2

  22. Cauldron Framework Design 3

  23. Workflow example Cache Partition 1 App 1 App 2 App 3 App 4 Core 1 (Shared) Organization 1 App Organization 2 App App 4 App 1 App 3 App 4 Core 2 Organization 3 App Cache Partition 2 App 1 App 2 App 4 App 3 Core 3 (Protected) Organization 1 App Organization 2 App ● Flushing the cache eliminates information leak ● By using CAT we assign smaller partition to security-sensitive apps Organization 3 App ● Flushing smaller partition reduces overhead LLC Flush 4

  24. Improving performance with Gang Scheduling Cache Partition 2 App 1 App 2 App 3 App 4 Core 3 (Protected) Organization 1 App App 3 App 4 Organization 2 App Core 4 App 2 Organization 3 App LLC Flush ● Gang-schedule apps from the same organization ● Reduces the number of flushes ● Potentially increases idling ● Possible solution: soft gang scheduling ○ If no apps from the same org are available, schedule from other orgs ○ No flushing ○ Might leak some information, but not enough to enable the attack 5

  25. Initial results 6

  26. Future Work ● Design a Secure Containers framework with support from multiple layers of the stack including hardware, hypervisor, kernel, compiler and application layer. ○ Hardware supported isolation and sandboxes ○ Novel scheduling techniques for increased isolation and performance ○ Monitoring techniques to detect compromises and protect containers from both co-tenants and host 7

  27. Getafix: Workload-aware Data Management in Lookback Processing Systems Presenter: Mainak Ghosh Collaborators: Le Xu, Thomas Kao, Xiaoyao Qian, Indranil Gupta

  28. Problem • Lookback Processing Systems -- Warehouse for time series data • Current systems like Druid, Pinot make workload assumptions in design replication, caching and load balancing strategies • Recent segments assigned to “hot tier” -- larger replication • LRU used for cache eviction • Under a different workload, this causes, poor memory utilization, large network overhead • Our solution, Getafix, proposes a general solution which looks at segment popularity to define replication, caching and load balancing strategies.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection

Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection Systems Signature Based IDS Monitor packets on the network Compare them against database of signatures/attributes from known threats

476 views • 26 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative

Intrusion Detection Intrusion Detection October 23, 2020 Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in written report form, as a text, pdf, or Word document

504 views • 21 slides
Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing

Overview Intrusion Detection Systems Intrusion Detection Concepts and Practices Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy Chapter 13 Using Rules and Thresholds for

297 views • 7 slides
Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs.

Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs.

CS 166: Information Security Authorization: Intrusion Detection Prof. Tom Austin San Jos State University Prevention vs. Detection Most systems we've discussed focus on keeping the bad guys out. Intrusion prevention is a traditional

479 views • 34 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion Detection Systems Detect malicious Raise alarms activities/attacks Alert administrators Hacking/ unauthorized access Trigger defense

217 views • 21 slides
Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu

Network Intrusion Detection & Forensics with Bro Matthias Vallentin vallentin@berkeley.edu BERKE1337 March 3, 2016 Outline 1. Intrusion Detection 101 2. Bro 3. Network Forensics Exercises 1 / 29 Detection vs. Blocking Intrusion

432 views • 32 slides
Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International

Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International

Intrusion Prevention and Detection in Grid computing - The ALICE Case 21st International Conference on Computing in High Energy and Nuclear Physics Outline: Introduction Threat model Intrusion prevention Intrusion detection

420 views • 16 slides
Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

ITS335 Intrusion Detection Intruders Intrusion Detection Host-Based Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots Summary Sirindhorn International Institute of Technology Thammasat University

584 views • 30 slides
The phrase-structural diversity of periphrasis: a lexicalist account Olivier Bonami Gert

The phrase-structural diversity of periphrasis: a lexicalist account Olivier Bonami Gert

The phrase-structural diversity of periphrasis: a lexicalist account Olivier Bonami Gert Webelhuth June 8, 2010 Olivier Bonami, Gert Webelhuth () June 8, 2010 1 / 38 The Theoretical Issue Words meeting the morphological criteria for

573 views • 39 slides
ETC1010: Data Modelling and Computing Week of Data Visualisation: Lecture 3 Dr. Nicholas Tierney

ETC1010: Data Modelling and Computing Week of Data Visualisation: Lecture 3 Dr. Nicholas Tierney

ETC1010: Data Modelling and Computing Week of Data Visualisation: Lecture 3 Dr. Nicholas Tierney & Professor Di Cook EBS, Monash U. 2019-08-14 Learning Tips 2 / 46 Understanding learning Growth and xed mindsets Reframe success +

708 views • 46 slides
Term rewriting Equational logic Term rewriting systems Termination Confluence

Term rewriting Equational logic Term rewriting systems Termination Confluence

Term rewriting Equational logic Term rewriting systems Termination Confluence Rapid prototyping Summary and Exercises Equational logic Reflexivity t = t t 1 = t 2 Symmetry t 2 = t 1 t 1 = t 2 t 2 = t 3 Transitivity t 1 =

769 views • 52 slides
Negation, Polarity, N-words Gianina Iord achioaia E BERHARD K ARLS U NIVERSITT T BINGEN

Negation, Polarity, N-words Gianina Iord achioaia E BERHARD K ARLS U NIVERSITT T BINGEN

Negation, Polarity, N-words Gianina Iord achioaia E BERHARD K ARLS U NIVERSITT T BINGEN gianina@sfs.uni-tuebingen.de Seminar f ur Sprachwissenschaft University of T ubingen ur Sprachwissenschaft Seminar f Negation, Polarity,

1.28k views • 84 slides
Linear Filters Tues, Jan 23, 2018 Announcements Piazza for assignment questions A0

Linear Filters Tues, Jan 23, 2018 Announcements Piazza for assignment questions A0

CS 376 Spring 2018 : Lecture 2 1/22/2018 Linear Filters Tues, Jan 23, 2018 Announcements Piazza for assignment questions A0 due today. Submit on Canvas. Office hours posted on class website Course homepage

538 views • 26 slides
Free Lunch: Exploiting Renewable Energy For Computing Sherif Akoush HotOS'11 Greenpeace

Free Lunch: Exploiting Renewable Energy For Computing Sherif Akoush HotOS'11 Greenpeace

1 Free Lunch: Exploiting Renewable Energy For Computing Sherif Akoush HotOS'11 Greenpeace International http://www.youtube.com/watch?v=QPty-ZLbJt0 Renewable Energy in Computing Datacenterknowledge.com Renewable Energy Wind+Solar in 2007

490 views • 15 slides
Using the Network as a Reliable Platform for Time-Sensitive Systems Henrik Austad

Using the Network as a Reliable Platform for Time-Sensitive Systems Henrik Austad

Using the Network as a Reliable Platform for Time-Sensitive Systems Henrik Austad haustad@cisco.com Cisco Systems https://xkcd.com/927/ Berlin, Oct 13, 2016 This talk will dive into what TSN actually is, what it can provide and its

778 views • 33 slides
!""#$!"%%&'()*+("',- ./012(1')1$('$3)(1')1$4$./0#"2*+("'

!""#$!"%%&'()*+("',- ./012(1')1$('$3)(1')1$4$./0#"2*+("'

!""#$!"%%&'()*+("',- ./012(1')1$('$3)(1')1$4$./0#"2*+("' 5)+(6(+(1,$*+$7(89$:*+(+&;1$:")*+("', <*=$>(#,+2*0?$@*2A$B",+12 C535$5%1,$<1,1*2)9$!1'+12 2*=D8(#,+2*0E'*,*D8"6

361 views • 25 slides

More recommend