Computer Account Hijacking Detection Using a Neural Network

apricotpiglet | Artificial Intelligence and Robotics

19 Oct 2013 (3 years and 10 months ago)

Nick Pongratz

Math 340

Neural Networks
- Example Simple Network -

[!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html

Neural Networks
- Backpropagation -

[!] graphic taken from http://blizzard.gis.uiuc.edu/htmldocs/Neural/neural.html

Computer Security Introduction

* General computer use is skyrocketing.
* Growing reliance on networks.
* Greater need to “keep the bad guys out.”

Computer Security Introduction

* Reactive Security
* Proactive Security

Computer Security Introduction
- Reactive Security -

* Break-in already occurred or is occurring.
* Minimize/repair damage already done.
* Patch the system against further similar attacks.

Computer Security Introduction
- Reactive Security -

* Current applications:
  * Most virus scanners
  * Misuse detection
  * Most Intrusion Detection Systems

Computer Security Introduction
- Proactive Security -

* Strong passwords and correct permissions.
* Secure software and operating systems.
* Find system insecurities before bad guys do.
* Physical security.
* Self-adapting, smart systems.

Computer Security Introduction
- Proactive Security -

* Current applications:
  * Self-assessment
  * Some virus scanners
    * heuristics
  * Anomaly detection


Intrusion Detection Systems
- General Info -

* Most are reactive.
* Detect strange behavior.
* Analyze user I/O, network I/O, processes.
* Look for misuse and anomalies.


Intrusion Detection Systems
- Misuse Detection -

* Compare activity with “signatures” of known attacks.
* Signatures typically hand-coded.
* Good for known attacks
* Bad for previously unknown attacks


Intrusion Detection Systems
- Anomaly Detection -

* Compare activity with typical activity
* “Fingerprints”
* Adaptive
* Good for detecting unusual behavior.
* Not great for realtime monitoring.

MY PROJECT:

Neural Network Anomaly Detection System

Neural Network Anomaly Detection System

* Currently analyses user behavior
* Checks against fingerprints
* Extendable
* Adaptive
* Semi-hybrid: Mostly reactive, has proactive elements


Neural Network Anomaly Detection System
- Neural Net Technical Details -

* Currently implemented in MATLAB.
* Object-oriented.
* Uses a feedforward backpropagation neural network.
* Input: vector of command-use frequency.
* Output: vector of true/false guesses of the corresponding users.

Neural Network Anomaly Detection System
- System Details -

1. Sysadmin runs logs through trained network.
2. System reports the status of the results.
3. Admin (or an automation system) acts on report.
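
The input/output encoding and the log-checking step from the two slides above, as an added example in Python (not the author's MATLAB code, which the slides do not show). The command vocabulary, account names, sessions, hidden-layer size, seed and 0.5 threshold are all constructed assumptions.

```python
import math
import random

COMMANDS = ["ls", "cd", "vi", "gcc", "mail", "ssh"]  # assumed command vocabulary
USERS = ["alice", "bob", "carol"]                     # constructed accounts
TRAIN = {  # constructed, known-legitimate sessions (commands typed per login)
    "alice": ["vi gcc vi gcc ls vi gcc cd", "gcc vi vi gcc gcc ls vi vi"],
    "bob": ["mail ls mail mail ls cd mail ls", "ls mail mail ls mail mail cd mail"],
    "carol": ["ssh cd ssh ssh cd ls ssh cd", "cd ssh ssh cd ssh ssh ls ssh"],
}

def freq_vector(session):
    """Input: fraction of the session taken up by each known command."""
    cmds = session.split()
    return [cmds.count(c) / max(len(cmds), 1) for c in COMMANDS]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

class Net:
    """Feedforward network with one hidden layer, trained by backpropagation."""
    def __init__(self, n_in, n_hid, n_out, seed=7):
        rnd = random.Random(seed)  # fixed seed so the run is repeatable
        self.w1 = [[rnd.uniform(-1, 1) for _ in range(n_in + 1)] for _ in range(n_hid)]
        self.w2 = [[rnd.uniform(-1, 1) for _ in range(n_hid + 1)] for _ in range(n_out)]

    def forward(self, x):
        h = [sigmoid(sum(w * v for w, v in zip(r, x + [1.0]))) for r in self.w1]
        return h, [sigmoid(sum(w * v for w, v in zip(r, h + [1.0]))) for r in self.w2]

    def train(self, data, epochs=4000, lr=0.5):
        for _ in range(epochs):
            for x, t in data:
                h, o = self.forward(x)
                d_o = [(tk - ok) * ok * (1 - ok) for tk, ok in zip(t, o)]  # output deltas
                d_h = [hj * (1 - hj) * sum(d * r[j] for d, r in zip(d_o, self.w2))
                       for j, hj in enumerate(h)]  # hidden deltas, using the old w2
                self.w2 = [[w + lr * d * v for w, v in zip(r, h + [1.0])] for r, d in zip(self.w2, d_o)]
                self.w1 = [[w + lr * d * v for w, v in zip(r, x + [1.0])] for r, d in zip(self.w1, d_h)]

def trained_net():
    net = Net(len(COMMANDS), 5, len(USERS))  # target: 1.0 for the session's owner, else 0.0
    net.train([(freq_vector(s), [float(u == v) for v in USERS]) for u in USERS for s in TRAIN[u]])
    return net

def is_anomalous(net, account, session):
    """Report a session whose commands the net does not attribute to its account."""
    guesses = [o > 0.5 for o in net.forward(freq_vector(session))[1]]  # one true/false per user
    return not guesses[USERS.index(account)]
```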

Neural Network Anomaly Detection System
- Pros and Cons -

* Pros:
  * Accurate
  * Extendable
  * Adjusts
* Cons:
  * After-the-fact (not realtime)
  * Training data MUST be legitimate
  * Training can take a while
  * One part of complete security system

Neural Network Anomaly Detection System
- Future Directions -

* Extend to network communication.
* Extend to running processes.
* Include progression information in training.
* Realtime (?)
* Automatic response automation (?)


Any Questions, Comments, Protests, a Summer Job For Me?

Nick Pongratz

njpongratz@students.wisc.edu

http://www.cs.wisc.edu/~nicholau/

Thank You!