modeling prediction and diagnosis for network security
play

Modeling, prediction and diagnosis for network security Alfred Hero - PowerPoint PPT Presentation

Dec 04, 2023 •235 likes •432 views

Modeling, prediction and diagnosis for network security Alfred Hero University of Michigan 1. Network monitoring and tomography 2. Science of security: opportunities 3. Concluding remarks Alfred Hero NSF-IARPA SOS Workshop Nov 2008 1.

  1. Modeling, prediction and diagnosis for network security Alfred Hero University of Michigan 1. Network monitoring and tomography 2. Science of security: opportunities 3. Concluding remarks Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  2. 1. Network monitoring and tomography • Internally sensed network tomography (Treichler05, Rabbat06) C A ? D B E • End-point prediction and tracking(Justice06) ? ? ? ? ? ? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  3. 2. Science of security: opportunities • Science of Security • Scientific method – Sparse, incomplete? – Observation – Model selection? – Hypothesis – Baseline drift? – Prediction – Observer effect? – Experiment – Benchmarks? – Evaluation Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  4. Observation • Challenge: Critical security breaches are covert, rare, and non-repeatable – Any set of observations will necessarily be sparse and incomplete – Persistent and pervasive multimodal monitoring impractical Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  5. Cross-fertilizations • Information-driven sensor management – Plan-ahead learning with POMDP (Carin:06, Blatt06) – Q-learning for reactive targets (Kreucher:06) – Performance prediction (H07, Castanon08) • ISNT applications (Rabbat08,Justice06), but more research needed – Necessary and sufficient sampling rate? – Distributed processing and inference? – Scalable algorithms and approximations? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  6. Hypothesis • Challenge: infer stable models of attack and ambient behaviors that can be reliably tested – Central question: how to discover hidden latent structure of partially observed variables? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  7. Cross-fertilizations • Statistical model selection: how many attack patterns are there and how to identify them? • Unsupervised hypothesis generation – Bayesian factor analysis (West05) – Information driven PCA (FINE, IPCA) (Carter08_b) – Complexity filtering (Carter08_a) – Social networks of behavoir (Xu09) • How to make these approaches scalable to whole network security applications? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  8. Complexity filtering (Carter:08_a) Intrinsic dimension estimator Abilene Netflow data (Total number packets) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  9. SocNet of SPAM harvestors (Xu:09) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  10. SocNet of SPAM harvestors (Xu:09) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  11. Prediction • Challenge: learn truly predictive and generalizable models that – Track dynamic shifts over time or space – Extract information from high dimension – Integrate uncalibrated diverse data types Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  12. Cross-fertilizations • Predictive anomaly detection –Transductive learning (Scott08) – Geometric entropy minimization (H06) • Flexible graphical/topological models • How to make these methods scalable? –decomposable version of Lakhina04's PCA for whole-network diagnosis Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  13. Dynamic dwMDS for Abilene (Patwari:05) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  14. Experiment • Challenge: simulation relies on stale or speculative models while real-world data collection is difficult due to – Disruption of infrastructure – Unreliable ground truth – Significant “observer effects” Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  15. Cross-fertilizations • Adversarial experiment design approaches – Dynamic generalizations of adversarial classification (ACRE, Lowd&Meek06, Dalvi04 ) and greedy minimax (Kraus07) – RL w observer effect (Kreucher06, Murphy06) • Design of experiments for medical clinical trials have similar constraints Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  16. Evaluation • Challenge: establish reliable methods of on- line and offline performance prediction – Incomplete label information/ground truth – Curse of dimensionality • require order 1/ e p samples to determine the values of p experimental variables within error e Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  17. Cross-fertilizations • Bayesian meta-analysis: what is posterior uncertainty of predicted estimation error? • DOE benchmarking: what is theoretically attainable algorithm performance? – Coding and information theory • Error exponents, Fano, Rate-Distortion bounds • Tradeoffs between security and usability (H03) – Minimax, maximax and minimin performance prediction: function estimation and imaging (BickelRitov:90,KostolevTsybakov:93) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  18. 3. Final remarks • Developing a Science of Security is challenging. • Leverage from other disciplines with high throughput data – Image reconstruction and tomography – Social networks and economic behavior models – Genetics, immunology, and epidemioogy • Main open problems – Adversarial learning environment – Rapidly changing baseline – Data impoverishement – Scalable plan ahead sampling Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Syslog Processing for Switch Failure Diagnosis and Prediction in Datacenter Networks Shenglin

Syslog Processing for Switch Failure Diagnosis and Prediction in Datacenter Networks Shenglin

Syslog Processing for Switch Failure Diagnosis and Prediction in Datacenter Networks Shenglin Zhang, Weibin Meng, Jiahao Bu, Sen Yang Dan Pei, Ying Liu, Jun (Jim) Xu, Yu Chen, Hui Dong, Xianping Qu, Lei Song 9/21/2017 IWQOS 2017 1 Network

645 views • 45 slides
Sentiment Classification User Modeling with Neural Network for Review Rating Prediction. Duyu

Sentiment Classification User Modeling with Neural Network for Review Rating Prediction. Duyu

User Behavior Analysis for Sentiment Classification User Modeling with Neural Network for Review Rating Prediction. Duyu Tang, Bing Qin, Ting Liu. IJCAI 2015, full paper. Learning Semantic Representations of Users and Products for Document

514 views • 16 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Part-II Parametric Signal Modeling and Linear Prediction Theory 3. Linear Prediction Electrical

Part-II Parametric Signal Modeling and Linear Prediction Theory 3. Linear Prediction Electrical

3 Linear Prediction Appendix: Detailed Derivations Part-II Parametric Signal Modeling and Linear Prediction Theory 3. Linear Prediction Electrical & Computer Engineering University of Maryland, College Park Acknowledgment: ENEE630 slides

392 views • 28 slides
1 Description Mur Modeling Prior to 4-way handshake, we assume:

1 Description Mur Modeling Prior to 4-way handshake, we assume:

Scenario: 802.11 Analysis of 4-way handshake protocol in IEEE 802.11i Wired Network Changhua He Stanford University Security ! Mar. 04, 2004 An example of a 802.11 wireless local area network History of Security Concerns Terms

285 views • 3 slides
An Embedding-Based Approach for Oral Disease Diagnosis Prediction from Electronic Medical

An Embedding-Based Approach for Oral Disease Diagnosis Prediction from Electronic Medical

An Embedding-Based Approach for Oral Disease Diagnosis Prediction from Electronic Medical Records Source: ICMHI 2018 Advisor: Jia-Ling Koh Speaker: Chih-Hsuan Tzang Date: 2019/3/18 1 Introduction Method Experiment

542 views • 24 slides
Final Defense Unified Prediction and Diagnosis in Engineering Systems by means of Distributed

Final Defense Unified Prediction and Diagnosis in Engineering Systems by means of Distributed

Final Defense Unified Prediction and Diagnosis in Engineering Systems by means of Distributed Belief Networks Robert H. Dodier Joint Center for Energy Management University of Colorado at Boulder 1 Problem Domain and Proposed Solution

539 views • 40 slides
Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Hierarchical ERG models Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances David Hunter Michael Schweinberger Duy Vu Ruth Hummel Department of Statistics, Penn State University MURI meeting, Nov

521 views • 34 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Dipole : Diagnosis Prediction in Healthcare via Attention- based Bidirectional Recurrent Neural

Dipole : Diagnosis Prediction in Healthcare via Attention- based Bidirectional Recurrent Neural

Dipole : Diagnosis Prediction in Healthcare via Attention- based Bidirectional Recurrent Neural Networks Author: Fenglong Ma, Radha Chitta, Jing Zhou, Quanzeng You, Tong Sun, Jing Gao Source: KDD '17 Advisor: Jia-Ling Koh Speaker: Shih-Han Lo

248 views • 23 slides
Interpreting mechanisms of prediction for skin cancer diagnosis using multi-task learning D.

Interpreting mechanisms of prediction for skin cancer diagnosis using multi-task learning D.

Interpreting mechanisms of prediction for skin cancer diagnosis using multi-task learning D. Coppola 1 (speaker) H. K. Lee 1 , C. Guan 2 1 Bioinformatics Institute, A*STAR, Singapore 2 School of Computer Science and Engineering, NTU, Singapore

357 views • 23 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan

CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan

CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Stefan Savage, David Wagner, and Nick Weaver Threat Modeling for Network Attacks Basic security goals:

804 views • 31 slides
Prediction of cardiac regenerative therapy response by imaging and modeling Frebus van Slochteren

Prediction of cardiac regenerative therapy response by imaging and modeling Frebus van Slochteren

Prediction of cardiac resynchronization therapy response by imaging and modeling Digital Health Stage Prediction of cardiac regenerative therapy response by imaging and modeling Frebus van Slochteren PhD Department of Cardiology University

466 views • 10 slides
A Deep Learning Pipeline for Patient Diagnosis Prediction Using Electronic Health Records BIOKDD

A Deep Learning Pipeline for Patient Diagnosis Prediction Using Electronic Health Records BIOKDD

A Deep Learning Pipeline for Patient Diagnosis Prediction Using Electronic Health Records BIOKDD 2020 19th International Workshop on Data Mining in Bioinformatics Leopold Franz, Dr. Yash Raj Shrestha, Dr. Bibek Paudel 1 | | 29.05.2020

502 views • 23 slides
No Cloud Allowed Denying Service to DDOS Protection Services Presented by: Allison Nixon

No Cloud Allowed Denying Service to DDOS Protection Services Presented by: Allison Nixon

No Cloud Allowed Denying Service to DDOS Protection Services Presented by: Allison Nixon Allison.Nixon@integralis.com Pentesting, Incident Response PaulDotCom host Cloud Based DDOS Protection How it works Fundamental flaws

875 views • 25 slides
Anonymity and Censorship Resistance Entry node Middle node Exit node Tor user Tor Node Tor

Anonymity and Censorship Resistance Entry node Middle node Exit node Tor user Tor Node Tor

Anonymity and Censorship Resistance Entry node Middle node Exit node Tor user Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Network Encrypted tunnel Web server Unencrypted

575 views • 36 slides
Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue

Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue

Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V Krishnamurthy University of California, Riverside Background The Great Fire Wall (GFW) A

322 views • 28 slides
Networking Exercise Currently: 10.42.X.X pfSense: 10.42.X.1 Linux Server: 10.42.X.3

Networking Exercise Currently: 10.42.X.X pfSense: 10.42.X.1 Linux Server: 10.42.X.3

Networking Exercise Currently: 10.42.X.X pfSense: 10.42.X.1 Linux Server: 10.42.X.3 Ubuntu ClientA: 10.42.X.2 10.42.X.110 Ubuntu ClientB: 10.42.X.2 10.42.X.111 Windows Server: 10.42.X.4 Windows ClientA:

498 views • 39 slides
GIVING WITH ONE HAND AND TAKING AWAY WITH THE OTHER Carlndia Brito Santos Fernandes Marina Silva

GIVING WITH ONE HAND AND TAKING AWAY WITH THE OTHER Carlndia Brito Santos Fernandes Marina Silva

GIVING WITH ONE HAND AND TAKING AWAY WITH THE OTHER Carlndia Brito Santos Fernandes Marina Silva da Cunha Marcos Roberto Vasconcelos State University of Maring (UEM) Article accepted for publication at Estudios Econmicos V.37, n.73

616 views • 12 slides
W arehousing and Querying Trajectory Data Stream s W ith Error Estim ation Elio Masciari I

W arehousing and Querying Trajectory Data Stream s W ith Error Estim ation Elio Masciari I

W arehousing and Querying Trajectory Data Stream s W ith Error Estim ation Elio Masciari I CAR-CNR DOLAP MAUI 2 Novem ber 2 0 1 2 Trajectory Data Prime Numbers Encoding for Paths Warehousing Steps Experimental Evaluation

262 views • 14 slides
Intersections and Unions of Events CS 70, Summer 2019 Lecture 17, 7/23/19 1 / 25 Last Time:

Intersections and Unions of Events CS 70, Summer 2019 Lecture 17, 7/23/19 1 / 25 Last Time:

Intersections and Unions of Events CS 70, Summer 2019 Lecture 17, 7/23/19 1 / 25 Last Time: Conditional Probability I P [ A | B ] : restricting the sample space to B P [ A B ] = P [ A | B ] P [ B ] = P [ B | A ] P [ A ] I Total

377 views • 26 slides
PH meets ML: Designing visual interfaces for data analysis Christoph Garth Scientific

PH meets ML: Designing visual interfaces for data analysis Christoph Garth Scientific

PH meets ML: Designing visual interfaces for data analysis Christoph Garth Scientific Visualization Heike Leitte Visual Information Analysis Dagstuhl Meeting on Topology Heike Leitte 20.07.17 Structure and Patterns in Spatial

1.1k views • 18 slides

More recommend