o uso da transformada de haar na detec o de anomalias no
play

O uso da Transformada de Haar na Deteco de Anomalias no Trfego Web - PowerPoint PPT Presentation

Jan 25, 2024 •266 likes •658 views

O uso da Transformada de Haar na Deteco de Anomalias no Trfego Web C. Cappo 1 R. C. Nunes 2 B. Mozaquattro 2 A. Kozakevicius 2 C. Schaerer 1 1 Facultad Politcnica, Universidad Nacional de Asuncin, Paraguay 2 Centro de Tecnologa

  1. O uso da Transformada de Haar na Detecção de Anomalias no Tráfego Web C. Cappo 1 R. C. Nunes 2 B. Mozaquattro 2 A. Kozakevicius 2 C. Schaerer 1 1 Facultad Politécnica, Universidad Nacional de Asunción, Paraguay 2 Centro de Tecnología Universidade Federal de Santa María, RS, Brasil XIII Brazilian Symposium on Information and Computer Systems Security

  2. Introduction Our approach to detect anomalies in web applications Experiments and Results Conclusions and future Work Outline Introduction 1 Motivation Anomaly detection Our approach to detect anomalies in web applications 2 Main characteristics Wavelet Transform Theory Wavelet Algorithm for attack Detection Experiments and Results 3 Dataset & Attacks Results Conclusions and future Work 4 C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 2

  3. Introduction Our approach to detect anomalies in web applications Motivation Experiments and Results Anomaly detection Conclusions and future Work Outline Introduction 1 Motivation Anomaly detection Our approach to detect anomalies in web applications 2 Main characteristics Wavelet Transform Theory Wavelet Algorithm for attack Detection Experiments and Results 3 Dataset & Attacks Results Conclusions and future Work 4 C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 3

  4. Introduction Our approach to detect anomalies in web applications Motivation Experiments and Results Anomaly detection Conclusions and future Work Motivation Internet has become a habitual tool used by millions of people in the world. The use of web applications, such as, blogs, news, social networks, webmails, e-commerce , among may others, has become conventional. Protecting these applications from attacks is a critical issue. The number of new vulnerabilities discovered in 2012 were 5291 and web-based attacks increased by almost a third in 2012 ( according to Symantec Internet Security Threat Report, 2013 - Vol 18 ) One form of protection is to use Intrusion Detection System (IDS). There are two main approaches in detection algorithms IDS design: signature-based and anomaly-based . We focus on the design of anomaly-based detection algorithms. C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 4

  5. Introduction Our approach to detect anomalies in web applications Motivation Experiments and Results Anomaly detection Conclusions and future Work Outline Introduction 1 Motivation Anomaly detection Our approach to detect anomalies in web applications 2 Main characteristics Wavelet Transform Theory Wavelet Algorithm for attack Detection Experiments and Results 3 Dataset & Attacks Results Conclusions and future Work 4 C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 5

  6. Introduction Our approach to detect anomalies in web applications Motivation Experiments and Results Anomaly detection Conclusions and future Work Anomaly-based approach The analysis is based on the observation of any substantial variation of any specific characteristic with respect to the commonly determined behavior. A significant deviation from usual behavior is considered an anomaly, and so an attack. Does not need the knowledge of previous attack pattern. Can potentially detect novel attacks. C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 6

  7. Introduction Our approach to detect anomalies in web applications Motivation Experiments and Results Anomaly detection Conclusions and future Work Anomaly Detection in Web Application In the context of web application this approach has the following advantages: No requirement of a priori knowledge of the web-application. Capacity of self adaptation to periodic maintenance of the web applications in focus. Polymorphic and unknown attacks detection capacity (ex. zero-day attack) Custom-developed web applications protection skill. C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 7

  8. Introduction Our approach to detect anomalies in web applications Motivation Experiments and Results Anomaly detection Conclusions and future Work Anomaly Detection in Web Application In the context of web application this approach has the following advantages: No requirement of a priori knowledge of the web-application. Capacity of self adaptation to periodic maintenance of the web applications in focus. Polymorphic and unknown attacks detection capacity (ex. zero-day attack) Custom-developed web applications protection skill. We focus in anomaly-based algorithms to detect attack against web applications . C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 8

  9. Introduction Main characteristics Our approach to detect anomalies in web applications Wavelet Transform Theory Experiments and Results Wavelet Algorithm for attack Detection Conclusions and future Work Outline Introduction 1 Motivation Anomaly detection Our approach to detect anomalies in web applications 2 Main characteristics Wavelet Transform Theory Wavelet Algorithm for attack Detection Experiments and Results 3 Dataset & Attacks Results Conclusions and future Work 4 C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 9

  10. Introduction Main characteristics Our approach to detect anomalies in web applications Wavelet Transform Theory Experiments and Results Wavelet Algorithm for attack Detection Conclusions and future Work Characteristics(1) The detector analyzes the HTTP requests sending to the web application [IP] - - [TS] "GET /page.php?p=calAcad HTTP/1.1" .. [IP] - - [TS] "GET /page.php?p=allnews HTTP/1.1" .. [IP] - - [TS] "GET /page.php?p=trabajo HTTP/1.1" .. [IP] - - [TS] "GET /page.php?p=ingeInfo HTTP/1.1" .. [IP] - - [TS] "GET /page.php?p=ingeInfo HTTP/1.0" .. [IP] - - [TS] "GET /page.php?p=mapsite HTTP/1.1" .. [IP] - - [TS] "GET /page.php?p=admision HTTP/1.1" .. [IP] - - [TS] "GET /page.php?p=ingeInfo HTTP/1.1" .. [IP] - - [TS] "GET /page.php?p=materias HTTP/1.0" .. [IP] - - [TS] "GET /page.php?p=examenes HTTP/1.1" .. The data analyzed for the anomaly detection is the URL Query String of the HTTP request. C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 10

  11. Introduction Main characteristics Our approach to detect anomalies in web applications Wavelet Transform Theory Experiments and Results Wavelet Algorithm for attack Detection Conclusions and future Work Characteristics(2) The data model is based in the character distribution of the URL Query String. Our method requires only a few normal data for frequency enhancement. The principal detection algorithm is based only in current data. The principal hypothesis is that attacks perturbs significantly the frequency of some characters. We apply the bidimensional Discrete Wavelet Transform (DWT), particularly the Haar Wavelet Transform, to detect the anomalies in character frequency distribution. C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 11

  12. Introduction Main characteristics Our approach to detect anomalies in web applications Wavelet Transform Theory Experiments and Results Wavelet Algorithm for attack Detection Conclusions and future Work Modeling the anomaly using the character distribution A window analyzed without attacks (a) (b) 0 14 Frequency Frequency 18 12 16 14 10 12 50 10 8 8 ASCII 6 6 4 2 100 4 0 50 2 100 250 150 200 150 0 ASCII 150 0 50 100 150 200 250 200 100 50 HTTP Request 250 HTTP Request 0 C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 12

  13. Introduction Main characteristics Our approach to detect anomalies in web applications Wavelet Transform Theory Experiments and Results Wavelet Algorithm for attack Detection Conclusions and future Work Modeling the anomaly using the character distribution A window analyzed with two attacks (a) (b) 0 14 Frequency Frequency 18 12 16 14 10 12 50 10 8 8 ASCII 6 6 4 2 100 4 0 50 2 100 250 150 200 150 0 ASCII 150 0 50 100 150 200 250 200 100 50 HTTP Request 250 HTTP Request 0 C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 13

  14. Introduction Main characteristics Our approach to detect anomalies in web applications Wavelet Transform Theory Experiments and Results Wavelet Algorithm for attack Detection Conclusions and future Work Outline Introduction 1 Motivation Anomaly detection Our approach to detect anomalies in web applications 2 Main characteristics Wavelet Transform Theory Wavelet Algorithm for attack Detection Experiments and Results 3 Dataset & Attacks Results Conclusions and future Work 4 C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 14

  15. Introduction Main characteristics Our approach to detect anomalies in web applications Wavelet Transform Theory Experiments and Results Wavelet Algorithm for attack Detection Conclusions and future Work Wavelets - Introduction The wavelet transform extracts information from the analyzed data in different resolution levels. Describes a signal in terms of a coarse overall shape plus a family of details. In the bidimensional case, the input data is given as a matrix and the 2D Discrete Wavelet Transformation consists in performing the 1D wavelet transform in all rows and then in all columns. C. Cappo,R.C.Nunes, B. Mozaquattro, A. Kozakevicius and C. Schaerer 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Object Detection using Haar like Features CS 395T: Visual Recognition and Search Harshdeep

Object Detection using Haar like Features CS 395T: Visual Recognition and Search Harshdeep

Object Detection using Haar like Features CS 395T: Visual Recognition and Search Harshdeep Singh The Detector Using boosted cascades of Haar like features Proposed by [Viola, Jones 2001] Implementation available in OpenCV

736 views • 32 slides
Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on (SED) Time ime Pres esent entation ion 11:10 11:30 Task Overview (NIST) Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa) 11:50 12:10 Dublin City

674 views • 28 slides
Op -n-haar- na EU - project Ergohair WORKSHOP BRUSSELS 4 April 2019 EU Project

Op -n-haar- na EU - project Ergohair WORKSHOP BRUSSELS 4 April 2019 EU Project

Op -n-haar- na EU - project Ergohair WORKSHOP BRUSSELS 4 April 2019 EU Project ErgoHair VP/2016/001/0050 Promotor: UBK/UCB vzw-asb Miet Verhamme Op -n-haar- na EU - project Ergohair Lead applicant UBK/UCB vzw

596 views • 8 slides
Cardinal invariants of the Haar null ideal M ark Po or E otv os Lor and

Cardinal invariants of the Haar null ideal M ark Po or E otv os Lor and

Introduction Uniformity and covering number Cofinality Questions Cardinal invariants of the Haar null ideal M ark Po or E otv os Lor and University, Budapest Descriptive Set Theory in Turin September 2017 joint work with M

545 views • 30 slides
The Haar Wavelet Transform: Compression and Adams and Halsey Reconstruction Patterson Damien

The Haar Wavelet Transform: Compression and Adams and Halsey Reconstruction Patterson Damien

The Haar Wavelet Transform: Compression and Recon- struction Damien The Haar Wavelet Transform: Compression and Adams and Halsey Reconstruction Patterson Damien Adams and Halsey Patterson December 13, 2006 The Haar Wavelet Transform:

338 views • 18 slides
Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about Nearest Neighbor Nave Bayes Logis)c Regression Boos)ng We saw face

707 views • 36 slides
Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0 1 1 0 0 0 1 1 0 1 1 0 1 1 1 1 0 1 1 1 0 0 1 1 0 1 1 1 0 1 1 1 0 1 0 CSCI 466: Networks Keith Vertanen

461 views • 27 slides
Autofocusing with the help of the empirical Haar transform Przemysaw Sliwi nski and

Autofocusing with the help of the empirical Haar transform Przemysaw Sliwi nski and

Introduction Problem statement and algorithm Properties Single-photon AF Conclusions Autofocusing with the help of the empirical Haar transform Przemysaw Sliwi nski and Krzysztof Berezowski Institute of Computer Engineering, Control

1.13k views • 82 slides
Bernard ter Haar 11 October 2017 1. How do we make policies in the Netherlands? 2.

Bernard ter Haar 11 October 2017 1. How do we make policies in the Netherlands? 2.

Bernard ter Haar 11 October 2017 1. How do we make policies in the Netherlands? 2. Decentralisation of social domain; an attempt for an integral approach; 3. Inequality and complexity; 4. The dynamics of the labour market and the slowness of the

287 views • 25 slides
JIA C. Mala*a, N. ter Haar, M. Vicecon6 WP5: JIA WP5 and WP10 OBJECTIVES To develop a

JIA C. Mala*a, N. ter Haar, M. Vicecon6 WP5: JIA WP5 and WP10 OBJECTIVES To develop a

JIA C. Mala*a, N. ter Haar, M. Vicecon6 WP5: JIA WP5 and WP10 OBJECTIVES To develop a personalized image-based JOINT BIOMECHANICAL MODELING to explore how biomechanical changes may influence the spread of arthritis or structural damage

754 views • 53 slides
DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements Youngjune Gwon, H. T. Kung, and Dario Vlah Harvard University August 9, 2011 Understanding

415 views • 17 slides
1/24/14 February 7, 2014 Fraud Detec/on and Preven/on

1/24/14 February 7, 2014 Fraud Detec/on and Preven/on

1/24/14 February 7, 2014 Fraud Detec/on and Preven/on Presented by: Steve Wischmann, CPA, CFE, CFF, CCFE, MAFF Agenda 1. Actual Minnesota School Cases in the

497 views • 12 slides
OverFeat Integrated Recogni.on, Localiza.on and Detec.on using

OverFeat Integrated Recogni.on, Localiza.on and Detec.on using

OverFeat Integrated Recogni.on, Localiza.on and Detec.on using Convolu.onal Networks Sermanet et. al Presenta.on by Eric Holmdahl Roadmap 1. Goal 2. Background

743 views • 47 slides
Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S. Ocariza, Jr., Karthik PaAabiraman and Ali Mesbah University of British Columbia Most popular

504 views • 37 slides
Character Codes and Error Detec=on 2 Homework #1

Character Codes and Error Detec=on 2 Homework #1

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Character Codes and Error Detec=on 2 Homework #1

456 views • 17 slides
2012 TRECVID Workshop Mul$media Event Detec$on Task Jonathan

2012 TRECVID Workshop Mul$media Event Detec$on Task Jonathan

Mul$media Event Detec$on Task Time ime Pres esent entation ion Task Overview (NIST) 9:20 9:40 9:40 10:00 Access to Audiovisual Media (AXES) 10:00 10:20 SRI International; Sarnoff Corporation (Aurora) Break in the

549 views • 21 slides
Fast Discriminative Visual Codebooks using Randomized Clusering Forests Frank Moosmann, Bill

Fast Discriminative Visual Codebooks using Randomized Clusering Forests Frank Moosmann, Bill

Fast Discriminative Visual Codebooks using Randomized Clusering Forests Frank Moosmann, Bill Triggs, and Frederic Jurie Presented by: Andrew F. Dreher CS 395T - Spring 2007 Contributions 1) Creating visual words using classification

430 views • 24 slides
Method for reflection removal: user assisted Find I 1 and I 2 such that: 1. I 1 and I 2

Method for reflection removal: user assisted Find I 1 and I 2 such that: 1. I 1 and I 2

Method for reflection removal: user assisted Find I 1 and I 2 such that: 1. I 1 and I 2 sum up to I 2. The gradient of I 1 at points in S 1 should match the gradient of I at those points. 3. The gradient of I 2 at points in S 2 should match

744 views • 45 slides
Why Triangular Membership We Want to Select the . . . Functions Are Often Efficient What Noises n

Why Triangular Membership We Want to Select the . . . Functions Are Often Efficient What Noises n

Practical Problem: . . . F-Transform Approach . . . Triangular Functions: . . . What Is a Trend: . . . Why Triangular Membership We Want to Select the . . . Functions Are Often Efficient What Noises n ( t ) . . . Case of Interval . . . in

315 views • 30 slides
Concepts and Algorithms of Scientific and Visual Computing Wavelets CS448J, Autumn 2015,

Concepts and Algorithms of Scientific and Visual Computing Wavelets CS448J, Autumn 2015,

Concepts and Algorithms of Scientific and Visual Computing Wavelets CS448J, Autumn 2015, Stanford University Dominik L. Michels Wavelets Wavelet functions can be seen as an analog to window functions in the context of the wavelet

417 views • 9 slides
Chapter 2 Tight-frames An Introduction 1 Outline 1. Tight-frame 1. Tight-frame 2. Matrix

Chapter 2 Tight-frames An Introduction 1 Outline 1. Tight-frame 1. Tight-frame 2. Matrix

Chapter 2 Tight-frames An Introduction 1 Outline 1. Tight-frame 1. Tight-frame 2. Matrix Representation 2. Matrix Representation 2 1 Tight Frames 3 Construction of Haar Wavelet = + 4 2 Construction of Haar Wavelet 5 Construction

450 views • 16 slides
Wavelets on the symmetric group Risi Kondor Walter Dempsey f ( ) = f ( ) (

Wavelets on the symmetric group Risi Kondor Walter Dempsey f ( ) = f ( ) (

Wavelets on the symmetric group Risi Kondor Walter Dempsey f ( ) = f ( ) ( ) S n S 3

247 views • 14 slides
Category-level localization g y Cordelia Schmid Cordelia Schmid Recognition Recognition

Category-level localization g y Cordelia Schmid Cordelia Schmid Recognition Recognition

Category-level localization g y Cordelia Schmid Cordelia Schmid Recognition Recognition Classification Classification Object present/absent in an image Often presence of a significant amount of background clutter

314 views • 19 slides
CS4495/6495 Introduction to Computer Vision 4B-L2 Matching feature points (a little) Feature

CS4495/6495 Introduction to Computer Vision 4B-L2 Matching feature points (a little) Feature

CS4495/6495 Introduction to Computer Vision 4B-L2 Matching feature points (a little) Feature Points We know how to detect points Feature Points We know how to describe them Feature Points Next question: How to match them? ? How

329 views • 18 slides

More recommend