MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
IDS alert classification model
1. Presented By: Aakash Khandelwal, Dilip Jangam, Sachin Rupnawar
Guided By: Prof Bansode.N.S
Sinhagad Institute Of Technology 3/8/2013 1
2. Introduction
Need of IDS
Types of IDS
Literature Survey
Proposed System
Framework
Applications
Advantages & Limitations
Conclusion
References
4. Denial of service[1]
Threat to Confidentiality[1]
Modification of contents[1]
Masquerade[1]
IDS and Firewalls
5. Host Based IDS[1][3]
Network Based IDS[1][6]
6. Genetic Algorithms[2]
Neural Network[1]
Data Mining Approaches[1]
Drawbacks Of Existing System[1]
7. Detection of ‘False Intrusion Alerts’: 3 stages
-Alert preprocessing phase
-Model constructing phase
-Rule defining phase
Removal of resource usage problem
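An added illustration of the three stages above (not code from the slides or from the cited paper, which builds its model in KNIME): constructed alert lines are collapsed in the preprocessing stage, a per-(signature, source) false-alert rate from analyst-labelled records is the model, and the rules stage turns that rate into suppress/escalate decisions an expert can read and veto. The alert format, the 60-second window, the (signature, source) key and the 0.9 threshold are assumptions of this example.

```python
from collections import defaultdict

# Constructed IDS alert log (not from the slides): seconds, signature, src, dst,
# and the analyst's verdict on the alert ("false" = false intrusion alert).
ALERT_LOG = """\
0,ICMP PING NMAP,10.0.0.5,10.0.0.1,false
5,ICMP PING NMAP,10.0.0.5,10.0.0.1,false
9,ICMP PING NMAP,10.0.0.5,10.0.0.1,false
70,ICMP PING NMAP,10.0.0.5,10.0.0.1,false
3,WEB-IIS cmd.exe access,198.51.100.7,10.0.0.2,true
12,WEB-IIS cmd.exe access,198.51.100.7,10.0.0.2,true
400,ICMP PING NMAP,203.0.113.9,10.0.0.1,true
"""

def parse(log):  # CSV lines -> (ts, signature, src, dst, label) tuples
    return [(int(t), s, a, b, l) for t, s, a, b, l in
            (line.split(",") for line in log.strip().splitlines())]

def preprocess(rows, window=60):
    """Stage 1: collapse repeats of one (sig, src, dst) within `window` seconds
    into a single counted record; this cuts volume before any model runs."""
    records, open_groups = [], {}   # open_groups: key -> index of its record
    for ts, sig, src, dst, label in sorted(rows):
        key = (sig, src, dst)
        idx = open_groups.get(key)
        if idx is not None and ts - records[idx]["start"] <= window:
            records[idx]["count"] += 1
            continue
        records.append({"key": key, "start": ts, "count": 1, "label": label})
        open_groups[key] = len(records) - 1
    return records

def build_model(records):
    """Stage 2: per (signature, source) pair, the share of aggregated records
    analysts marked false (the pair as key is an assumption of this example)."""
    seen, false = defaultdict(int), defaultdict(int)
    for r in records:
        pair = r["key"][:2]
        seen[pair] += 1
        false[pair] += r["label"] == "false"
    return {pair: false[pair] / seen[pair] for pair in seen}

def define_rules(model, suppress_at=0.9):
    """Stage 3: readable rules an expert can veto: pairs at or above the
    threshold are suppressed as false alerts, the rest are escalated."""
    return {p: "suppress" if r >= suppress_at else "escalate" for p, r in model.items()}

def classify(rules, sig, src):
    """On-line use: pairs the model never saw go to an analyst ("review")."""
    return rules.get((sig, src), "review")
```

Running the three stages over the constructed log collapses seven alerts into four records, derives one suppress rule for the repeated internal NMAP ping and escalates the rest.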
8. Fig 1:Decision Support System Architecture[1]
9. Fig 2:Decision Support System in Experiment[1]
10. Defence
Banking
Database
Antivirus
11. Detects attacks that cannot be seen by a NIDS
Can operate in an environment in which network traffic is encrypted
Removes the resource usage problem
12. Since at least the information sources reside on the host targeted by attacks, the IDS may itself be attacked and disabled as part of the attack
Since they use the computing resources of the hosts they are monitoring, they inflict a performance cost on the monitored systems
13. The alert classification model is useful for experts to discover suspicious or intrusion patterns quickly and precisely, and lightens the load of on-line alert analysis for experts.
14. [1] Yan Zhang, Shuguang Huang, Yongyi Wang, "IDS Alert Classification Model Construction Using Decision Support Techniques," Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on, vol. 1, pp. 301-305, 23-25 March 2012.
[2] S. Owais, V. Snasel, P. Kromer, A. Abraham, "Survey: Using Genetic Algorithm Approach in Intrusion Detection Systems Techniques," Computer Information Systems and Industrial Management Applications, 2008. CISIM '08. 7th, pp. 300-307, 26-28 June 2008.
[3] Lin Ying, Zhang Yan, Ou Yang-jia, "The Design and Implementation of Host-Based Intrusion Detection System," Intelligent Information Technology and Security Informatics (IITSI), 2010 Third International Symposium on, pp. 595-598, 2-4 April 2010.
[4] William Stallings, "Cryptography and Network Security: Principles and Practices", Third Edition.
[5] D. E. Denning, "An intrusion-detection model". IEEE Transactions on Software Engineering, Vol. SE-13, No. 2, pp. 222-232, Feb. 1987.
[6] Stephen Northcutt, Judy Novak, "Network Intrusion Detection", Third Edition, Pearson Education, 2003.
15. Thank You!!!!!
Editor's Notes
have been used to discover either unknown or useful patterns for experts, lots of hidden and concealed intrusion patterns may still be escaped because of insufficient and dirty information. Our idea is to construct a decision support system to help experts construct an alert classification model for on-line intrusion detection of IDS alerts.