predictive security analysis
play

Predictive Security Analysis Concepts, Implementation, first Results - PowerPoint PPT Presentation

Mar 01, 2023 •25 likes •276 views

Predictive Security Analysis Concepts, Implementation, first Results in Industrial Scenario Roland Rieke 1 Romain Giot 2 Chrystel Gaber 2 1 Fraunhofer SIT, Darmstadt, Germany Email: roland.rieke@sit.fraunhofer.de 2 France Tlcom-Orange Labs,

  1. Predictive Security Analysis Concepts, Implementation, first Results in Industrial Scenario Roland Rieke 1 Romain Giot 2 Chrystel Gaber 2 1 Fraunhofer SIT, Darmstadt, Germany Email: roland.rieke@sit.fraunhofer.de 2 France Télécom-Orange Labs, Caen, France Email: romain.giot@orange.com, chrystel.gaber@orange.com CYBER SECURITY & PRIVACY EU FORUM 2013, 19th April 2013 Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 1

  2. Overview Advanced Security Information & Event Management 1 Predictive Security Analysis @ Runtime 2 Mobile Money Transfer Scenario 3 Conclusions 4 Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 2

  3. Advanced Security Information & Event Management Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 3

  4. Advanced SIEM - tomorrow Requirements High interoperability - heterogeneity of input sources High scalability - handle and processing of load peaks of events High elasticity - resources coupling the flow of events Features/Properties Multi-domain - different application areas Cross-layer - logical security, physical security and service layer Predictive security analysis Countermeasures selection and evaluation - RORI Trustworthiness and resilience framework Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 4

  5. Example: Mobile Money Transfer Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 5

  6. Requirements-driven System Design Business Process Olympic Money Managed Critical Infra- games Transfer Enterprise structure Application n G u i i d s e e l Infrastructure i D n e s Security Requirements Compiler Trust- l i n t e a g r c a Analysis i Technologies n t i h o worthiness c n e T Event Legal Close Resilient Fit to Processing Basis problem information and space gap affordable Physical + Resilient Scalability logical events operations Unknown Elasticity Countermea- behavior sure Support Breakdown to Failure Cross-layer challenges prediction OSSIM/Prelude Integration Attack/response Heterogenity analysis A3 - Event and A4 – Event, Process A5 – Advanced SIEM Information Models and Attack Framework Collection Models Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 6

  7. Knowledge is built on theory. The theory of knowledge teaches us that a statement, if it conveys knowledge, predicts future outcome, with risk of being wrong, and that it fits without failure observations of the past. — William Edwards Deming Predictive Security Analysis @ Runtime Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 7

  8. Operational Model of Process Discover process e 2 1. model Petri net, EPC process model e 3 Process Instance e 1 e 2 event stream e 3 e 1 Event past time future time use process a 2 model to predict Predict close-future a 1 future actions a 1 , a 2 process behaviour e 2 event stream 2. e 3 e 1 past time future time Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 8

  9. Adapt Process Model Detect unknown pro- e 2 e 5 process model cess actions does not contain e 3 e 4 e x e 1 3. e 2 event stream e x e 1 past time future time e 2 e 5 process model Belief change w.r.t. e 3 with e x e 4 e 1 e x process model e 2 event stream 4. e x e 1 past time future time Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 9

  10. Predict Security Violations Detect missing e 2 e 5 use process events model to predict e 3 e 4 future events e 1 5. e 2 event stream e 4 e 1 past time future time auth ( a x , a 1 , agent ) security require- Predict feasible se- ment related to a 1 curity violations a x process history 6. and predicted a 1 actions past time future time Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 10

  11. Predictive Security Analysis Tool Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 11

  12. Mobile Money Transfer Scenario Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 12

  13. Mobile Money Transfer Scenario (GSM, UMTS, ...) End user Operator’s network Channel User (http, https, ...) Mobile Money Transfer Platform Admin Internet (http, https, ...) Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 13

  14. Illustration of Money Laundering Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 14

  15. PSA Configuration for Detection Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 15

  16. PSA Behavior on Real Events - Obtained Transitions tiny 16582 229296 18527 minuscule 39903 5059 1572 2643 4127 small 921 17137 80693 1888 416837 9762 38490 2166 26332 2559 1168 normal 66 1096991 2667 19 238 23208 219 156699 200 152345 5168 4038 48703 42204 51 1837 827 1126 7303 11120 medium 360754 672 10988 67514 36566 2136 13315 560 37194 224 9022 43919 4999 11756 311465 11319 huge 99543 1785 98532 14387 702 691 15131 1048 66447 big 707 439637 1090 73843 70719 large 60684 135934 39224 start Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 16

  17. PSA Behavior on Real Events - Scaling 5000000 Events Unexpected Events 4000000 3000000 Events 2000000 1000000 0 0 50 100 150 200 250 300 350 400 Processing time (minutes) Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 17

  18. PSA Behavior on Real Events - Facts Simple EPC with alerts 4.5 millions of events treated in 6 hours 0.5 millions of alerts generated Complete EPC without alerts 4.5 millions of events treated in 33 minutes 0 alerts generated Facts ⇒ Processing time is minimal when no alerts have to be generated PSA is able to manage in real time all the logs of an operational system ◮ Best case: 2272 events/second without alerts ◮ Worst case: 25 events/second with alerts Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 18

  19. PSA Behavior on Simulated Events - Simulation As we do not have a groundtruth on the real events ⇒ it is necessary to work with simulated events Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 19

  20. PSA Behavior on Simulated Events - Results tiny 103 111 105 small 105 33 23 5 start 4 48 1 large 167 3 4 huge Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 20

  21. PSA Behavior on Simulated Events - Deeper analysis EU18 EU19 EU42 EU4 EU49 Ret4 EU40 EU44 Ret1 EU41 370 EU30 EU2 285 233 EU0 EU21 64 EU26 204 611 FR2 132 12 EU6 EU27 426 274 143 Ret3 299 FR1 213 97 EU1 EU3 Ret2 Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 21 EU38

  22. Conclusions Money Transfer MMTS analysis utilizes alerts generated by the uncertainty reasoning component of PSA to detect money laundering patterns. PSA is able to detect irregular events regarding the behavior of the user of the MMTS system. It is necessary to cope with False Alarms and make decisions regarding the alerts. Critical Infra- Managed Olympic structure Enterprise games MASSIF ( http://www.massif-project.eu/ ) will analyse advantages of PSA with respect to “measuring” security and compliance @ runtime. Advanced application-aware SIEM requires novel concepts such as PSA. Lesson learned: SoS need to be designed for security assessment @ runtime. Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 22

  23. Conclusions Money Transfer MMTS analysis utilizes alerts generated by the uncertainty reasoning component of PSA to detect money laundering patterns. PSA is able to detect irregular events regarding the behavior of the user of the MMTS system. It is necessary to cope with False Alarms and make decisions regarding the alerts. Critical Infra- Managed Olympic structure Enterprise games MASSIF ( http://www.massif-project.eu/ ) will analyse advantages of PSA with respect to “measuring” security and compliance @ runtime. Advanced application-aware SIEM requires novel concepts such as PSA. Lesson learned: SoS need to be designed for security assessment @ runtime. Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 22

  24. Conclusions Money Transfer MMTS analysis utilizes alerts generated by the uncertainty reasoning component of PSA to detect money laundering patterns. PSA is able to detect irregular events regarding the behavior of the user of the MMTS system. It is necessary to cope with False Alarms and make decisions regarding the alerts. Critical Infra- Managed Olympic structure Enterprise games MASSIF ( http://www.massif-project.eu/ ) will analyse advantages of PSA with respect to “measuring” security and compliance @ runtime. Advanced application-aware SIEM requires novel concepts such as PSA. Lesson learned: SoS need to be designed for security assessment @ runtime. Roland Rieke, Romain Giot Predictive Security Analysis CSP’13 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Better Are Predictive Robust Interval . . . Models: Analysis on the Analysis of the Problem

How Better Are Predictive Robust Interval . . . Models: Analysis on the Analysis of the Problem

Predictions Are Important Traditional Statistics . . . Predictive Approach Measurement . . . How Better Are Predictive Robust Interval . . . Models: Analysis on the Analysis of the Problem How Accurate Are . . . Practically Important

368 views • 22 slides
Using Predictive Analytics to Detect F Fraudulent Claims d l Cl i May 17, 2011 Roosevelt C.

Using Predictive Analytics to Detect F Fraudulent Claims d l Cl i May 17, 2011 Roosevelt C.

Using Predictive Analytics to Detect F Fraudulent Claims d l Cl i May 17, 2011 Roosevelt C. Mosley, Jr., FCAS, MAAA CAS Spring Meeting Palm Beach, FL Experience the Pinnacle Difference! Predictive Analysis for Fraud Claim fraud is

546 views • 37 slides
The Promise and Peril of Predictive Analytics in Higher Education: A Landscape Analysis Manuela

The Promise and Peril of Predictive Analytics in Higher Education: A Landscape Analysis Manuela

The Promise and Peril of Predictive Analytics in Higher Education: A Landscape Analysis Manuela Ekowo Policy Analyst New America January 6, 2017 Enrollment Management What it is Who is using it Admissions teams use past student

488 views • 12 slides
Why the Best Predictive What Do We Mean by . . . Models Are Often Different Main Result: . . .

Why the Best Predictive What Do We Mean by . . . Models Are Often Different Main Result: . . .

Predictive vs. . . . Remaining Problem: . . . Need for Formalization What Do We Mean by . . . Why the Best Predictive What Do We Mean by . . . Models Are Often Different Main Result: . . . Proof for Predictive Case from the Best Explanatory

900 views • 28 slides
Predictive Prioritization Focusing On What Matters First Elena Sergeeva Security Engineer

Predictive Prioritization Focusing On What Matters First Elena Sergeeva Security Engineer

Predictive Prioritization Focusing On What Matters First Elena Sergeeva Security Engineer VULNERABILITY MANAGEMENT TODAY Vulnerability Management In Brief A Assess Legacy and A Modern Assets Remediate Intelligent R

840 views • 19 slides
Kernel Methods for Predictive Sequence Analysis Cheng Soon Ong 1 , 2 and Gunnar Rtsch 1 1

Kernel Methods for Predictive Sequence Analysis Cheng Soon Ong 1 , 2 and Gunnar Rtsch 1 1

Kernel Methods for Predictive Sequence Analysis Cheng Soon Ong 1 , 2 and Gunnar Rtsch 1 1 Friedrich Miescher Laboratory, Tbingen 2 Max Planck Institute for Biological Cybernetics, Tbingen Tutorial at the German Conference on Bioinformatics

583 views • 30 slides
(Predictive Discriminant Analysis) Ricco RAKOTOMALALA Ricco Rakotomalala 1 Tutoriels Tanagra -

(Predictive Discriminant Analysis) Ricco RAKOTOMALALA Ricco Rakotomalala 1 Tutoriels Tanagra -

(Predictive Discriminant Analysis) Ricco RAKOTOMALALA Ricco Rakotomalala 1 Tutoriels Tanagra - http://data-mining-tutorials.blogspot.fr/ Maximum A Posteriori Rule Calculating the posterior probability

215 views • 17 slides
Predictive Analytics for Capacity Planning HIC 2015 Andrae Gaeth What is predictive

Predictive Analytics for Capacity Planning HIC 2015 Andrae Gaeth What is predictive

Evaluating Predictive Analytics for Capacity Planning HIC 2015 Andrae Gaeth What is predictive analytics? Predictive analytics is the practice of extracting information from existing data sets, and then applying various techniques (eg,

452 views • 15 slides
How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation

How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation

How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation Analytics Top 10 Business Intelligence DevOps Trinity Chief Analytics Officer Buzzwords for 2019 ContinuousNext Digital Citizen Chatbots

223 views • 19 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Predictive Schedule Analysis Captain Jim Mangie Flight Operations Pilot Fatigue Program

Predictive Schedule Analysis Captain Jim Mangie Flight Operations Pilot Fatigue Program

Predictive Schedule Analysis Captain Jim Mangie Flight Operations Pilot Fatigue Program Starting Point The Beginning - What we already have Always keeping the science in mind.. Must begin with reactive and proactive hazard

822 views • 14 slides
Automating Predictive Analytics www.xpanseanalytics.com Agenda Predictive Analytics vs

Automating Predictive Analytics www.xpanseanalytics.com Agenda Predictive Analytics vs

Automating Predictive Analytics www.xpanseanalytics.com Agenda Predictive Analytics vs Classification The Problem 3 Case Studies The Solution Demo Time Q&A xpanse analytics - confidential materials Some real-life examples from the

318 views • 12 slides
E9 205 Machine Learning for Signal Processing Linear Predictive Analysis 22-08-2016 Linear

E9 205 Machine Learning for Signal Processing Linear Predictive Analysis 22-08-2016 Linear

E9 205 Machine Learning for Signal Processing Linear Predictive Analysis 22-08-2016 Linear Prediction Current sample expressed as a linear combination of past samples n- 3 n- 2 n- 1 n a 1 a 2 a 3 Properties of LP Error signal (for the

489 views • 20 slides
Bayesian Models for Combining Data Across Subjects and Studies in Predictive fMRI Data Analysis

Bayesian Models for Combining Data Across Subjects and Studies in Predictive fMRI Data Analysis

Bayesian Models for Combining Data Across Subjects and Studies in Predictive fMRI Data Analysis Thesis Proposal Indrayana Rustandi April 3, 2007 Outline Motivation and Thesis Preliminary results: Hierarchical Gaussian Naive Bayes

627 views • 43 slides
Predictive Analytics for TDOT HELP AASHTO STSMO Meeting September 14, 2017 Rapid City, South

Predictive Analytics for TDOT HELP AASHTO STSMO Meeting September 14, 2017 Rapid City, South

Predictive Analytics for TDOT HELP AASHTO STSMO Meeting September 14, 2017 Rapid City, South Dakota What is Predictive Analytics? An analysis tool that uses historical and current data to forecast future activity, behavior and trends.

433 views • 24 slides
Chapter 9 Linear Predictive Analysis of Speech Signals 1 LPC

Chapter 9 Linear Predictive Analysis of Speech Signals 1 LPC

Chapter 9 Linear Predictive Analysis of Speech Signals 1 LPC Methods LPC methods are the most widely used in speech coding, speech synthesis, speech recognition, speaker recognition and verification and

869 views • 49 slides
Drivers & Inhibitors for Mobile Drivers & Inhibitors for Mobile Growth in South Asia

Drivers & Inhibitors for Mobile Drivers & Inhibitors for Mobile Growth in South Asia

Drivers & Inhibitors for Mobile Drivers & Inhibitors for Mobile Growth in South Asia Growth in South Asia K V Seshasayee (Hinduja TMT), T V Ramachandran (Director General, COAI) & Ashok Jhunjhunwala (IITM) S. Asian Wireless

347 views • 20 slides
3D Science in the Oklahoma School Testing Program (OSTP) National Conference on Student

3D Science in the Oklahoma School Testing Program (OSTP) National Conference on Student

3D Science in the Oklahoma School Testing Program (OSTP) National Conference on Student Assessment June 2018 The Journey So Far 2014 New Standards Frameworks Informed Stakeholders and a Strategic Process Now Implementation

519 views • 23 slides
Slide 1 / 27 Slide 2 / 27 AP Chemistry Equilibrium Part B: Le-Chatelier's Principle, Q, and

Slide 1 / 27 Slide 2 / 27 AP Chemistry Equilibrium Part B: Le-Chatelier's Principle, Q, and

Slide 1 / 27 Slide 2 / 27 AP Chemistry Equilibrium Part B: Le-Chatelier's Principle, Q, and Calculating K values . 2014-10-29 www.njctl.org Slide 3 / 27 Table of Contents click on the topic to go to that section Le-Chatlier's Principle

597 views • 38 slides
Self Care 1 do not have. -Milton Trager Lesson Plan: Self Care 1 1. Breath of Arrival 2.

Self Care 1 do not have. -Milton Trager Lesson Plan: Self Care 1 1. Breath of Arrival 2.

You cannot give what you Self Care 1 do not have. -Milton Trager Lesson Plan: Self Care 1 1. Breath of Arrival 2. Classroom Rules 3. Attendance 4. Self Care 1 Classroom Rules Punctuality- everybody's time is precious: Be ready

588 views • 39 slides
TRANSPARENT CONDUCTIVE CNT/POLYMER NANOCOMPOSITES FOR ORGANIC SOLAR CELL APPILICATION Sung Hwan

TRANSPARENT CONDUCTIVE CNT/POLYMER NANOCOMPOSITES FOR ORGANIC SOLAR CELL APPILICATION Sung Hwan

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS TRANSPARENT CONDUCTIVE CNT/POLYMER NANOCOMPOSITES FOR ORGANIC SOLAR CELL APPILICATION Sung Hwan Jin 1 , Seung Il Cha 2 , Gwang Hoon Jun 1 , Seokwoo Jeon 1 and Soon Hyung Hong 1 * 1 Department

308 views • 5 slides
SENIOR HIGH SCHOOL (GRADES 11-12) K-12 EDUCATIONAL PROGRAM Provide time for students to

SENIOR HIGH SCHOOL (GRADES 11-12) K-12 EDUCATIONAL PROGRAM Provide time for students to

SENIOR HIGH SCHOOL (GRADES 11-12) K-12 EDUCATIONAL PROGRAM Provide time for students to consolidate acquired academic skills and competencies in preparation for their chosen career path after high school. Graduates of the new educational

444 views • 20 slides
AREVIR, Kln, 08.05.2015 RESINA 2001-2014 Dr. Bjrn Jensen Klinik fr Gastroenterologie,

AREVIR, Kln, 08.05.2015 RESINA 2001-2014 Dr. Bjrn Jensen Klinik fr Gastroenterologie,

AREVIR, Kln, 08.05.2015 RESINA 2001-2014 Dr. Bjrn Jensen Klinik fr Gastroenterologie, Hepatologie und Infektiologie Universittsklinikum Dsseldorf The RESINA Study (Genotypic HIV-Resistance in Treatment-Naives) Ongoing prospective

260 views • 12 slides
Subaru light-echo spectroscopy of historic galactic SNe: Revealing the nature of Tychos SN1572

Subaru light-echo spectroscopy of historic galactic SNe: Revealing the nature of Tychos SN1572

Subaru light-echo spectroscopy of historic galactic SNe: Revealing the nature of Tychos SN1572 and Cas A Oliver Krause Max-Planck-Institute for Astronomy, Heidelberg In collaboration with: Ken Nomoto, Masaomi Tanaka (IPMU, U. Tokyo)

426 views • 16 slides

More recommend