
Intrusion Detection System



Presentation Transcript


  1. Intrusion Detection System Bruno Melo Diego da Silva Matheus Finatti Vinicio Meira Advised by Dr. Xiang Fu

  2. Intrusion Detection System
     • Monitor system processes
     • Detect, analyze, and block malicious activities

  3. System Architecture
     • CLUSTER
     • IDS

  4. Support Vector Machine - SVM
     • Analyze data
     • Recognize patterns
     • Classify data

  5. SVM

  6. SVM

  7. Classified Data SVM

  8. SVM Interface for IDS
     • Interface LIBSVM
     • SVM
     • IDS

  9. Cluster Operation Modes
     • Training mode: $ python cluster.py --train -c <logfolder> -w <function name>
     • Predict mode: $ python cluster.py --judge -r <modelfile>
     * Test data is in the environment variable called "request"

  10. Main Module - Java™ Program
     • Generate C++ wrappers
     • LD_PRELOAD
     • LD_LIBRARY_PATH
     • dlsym()
     • Intercept and log Apache library calls
     • Monitor Apache library calls
     • How to generate wrappers?

  11. Configuration File

  12. IDS Operation Modes – Train
     • Parse configuration file
     • Generate and compile wrapper
     • Start Apache
     • Intercept calls and generate log files

  13. IDS Operation Modes – Complete Train
     • Stop Apache
     • Send log files to cluster's training mode

  14. IDS Operation Modes – Monitor
     • Parse configuration file
     • Generate and compile wrapper
     • Start listening server to communicate with wrapper
     • Start Apache
     • Intercept calls and send to listening server
     • Send response to C++ wrapper
     • Send log entry to cluster to analyze
     • If rejected, ask user if Apache should be killed
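The interception mechanism of slide 10 and the train/monitor decision path of slides 12 and 14, as one added example; this is not the project's generated C++ wrapper nor code from the presentation. It is a hand-written C interposer for a single libc function, fopen, resolved through dlsym(RTLD_NEXT) the way an LD_PRELOAD shim does. The log-entry format ("<function> <first argument>"), the in-process tables, and the exact-match allow-list that stands in for the cluster's SVM verdict are all constructed assumptions; in the real system the entry would go to the listening server and on to cluster.py --judge.

```c
/* Added example (not the project's code): LD_PRELOAD-style wrapper for fopen
 * with a training mode that records entries and a monitor mode that refuses
 * calls the trained model has not seen. Build as a shim with
 *   gcc -shared -fPIC -o libidswrap.so idswrap.c   (and LD_PRELOAD it),
 * or link it into a test program directly; the executable's own fopen then
 * interposes libc's. The allow-list below is a stand-in for the SVM. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

typedef enum { IDS_MODE_OFF, IDS_MODE_TRAIN, IDS_MODE_MONITOR } ids_mode;
typedef enum { IDS_ACCEPT, IDS_REJECT } ids_verdict;

#define IDS_MAX_ENTRIES 64
#define IDS_ENTRY_LEN 128

static ids_mode g_mode = IDS_MODE_OFF;
static char g_seen[IDS_MAX_ENTRIES][IDS_ENTRY_LEN]; /* the "training log" */
static int g_nseen = 0;
static char g_last[IDS_ENTRY_LEN];                  /* last entry reported */
static int g_rejected = 0;

void ids_set_mode(ids_mode m) { g_mode = m; }
int ids_rejected_count(void) { return g_rejected; }
const char *ids_last_entry(void) { return g_last; }

/* Constructed log format: one line per intercepted call, "<function> <arg>". */
int ids_format_entry(char *out, size_t n, const char *func, const char *arg) {
    int len = snprintf(out, n, "%s %s", func, arg ? arg : "(null)");
    return (len >= 0 && (size_t)len < n) ? 0 : -1;
}

/* Training mode: remember the entry (the log the cluster would train on). */
static void ids_train(const char *entry) {
    for (int i = 0; i < g_nseen; i++)
        if (strcmp(g_seen[i], entry) == 0) return;
    if (g_nseen < IDS_MAX_ENTRIES)
        snprintf(g_seen[g_nseen++], IDS_ENTRY_LEN, "%s", entry);
}

/* Monitor mode: stand-in for the cluster's predict mode. Exact match against
 * the training log replaces the SVM; anything unseen is rejected. */
static ids_verdict ids_judge(const char *entry) {
    for (int i = 0; i < g_nseen; i++)
        if (strcmp(g_seen[i], entry) == 0) return IDS_ACCEPT;
    return IDS_REJECT;
}

/* Shared path for every wrapped function: format, then train or judge. */
static ids_verdict ids_report(const char *func, const char *arg) {
    if (ids_format_entry(g_last, sizeof g_last, func, arg) != 0) return IDS_REJECT;
    if (g_mode == IDS_MODE_TRAIN) { ids_train(g_last); return IDS_ACCEPT; }
    if (g_mode == IDS_MODE_MONITOR && ids_judge(g_last) == IDS_REJECT) {
        g_rejected++;
        return IDS_REJECT;
    }
    return IDS_ACCEPT;
}

/* The interposed symbol. The dynamic linker binds the monitored process's
 * fopen here first; dlsym(RTLD_NEXT) locates libc's copy behind us. */
FILE *fopen(const char *path, const char *mode) {
    static FILE *(*real_fopen)(const char *, const char *) = NULL;
    if (!real_fopen) {
        real_fopen = (FILE *(*)(const char *, const char *))dlsym(RTLD_NEXT, "fopen");
        if (!real_fopen) { errno = ENOSYS; return NULL; }
    }
    if (ids_report("fopen", path) == IDS_REJECT) {
        errno = EACCES; /* refuse this call rather than kill the process */
        return NULL;
    }
    return real_fopen(path, mode);
}

/* Runs both modes end to end on /dev/null and /dev/zero (assumed to exist);
 * returns how many of the four expected behaviours were observed. */
int ids_run_scenario(void) {
    int ok = 0;
    FILE *f;
    g_mode = IDS_MODE_TRAIN; g_nseen = 0; g_rejected = 0;
    f = fopen("/dev/null", "r");              /* learned: "fopen /dev/null" */
    if (f && strcmp(g_last, "fopen /dev/null") == 0) { ok++; fclose(f); }
    g_mode = IDS_MODE_MONITOR;
    f = fopen("/dev/null", "r");              /* seen in training: allowed */
    if (f && g_rejected == 0) { ok++; fclose(f); }
    errno = 0;
    f = fopen("/dev/zero", "r");              /* never seen: refused, EACCES */
    if (!f && errno == EACCES && g_rejected == 1) ok++;
    if (strcmp(g_last, "fopen /dev/zero") == 0) ok++;
    return ok;
}

int main(void) {
    printf("scenario steps passed: %d of 4, rejected calls: %d, last entry: %s\n",
           ids_run_scenario(), ids_rejected_count(), ids_last_entry());
    return 0;
}
```

The wrapper refuses a rejected call with EACCES instead of terminating Apache, which is the less disruptive half of the "ask the user whether Apache should be killed" step; a generated wrapper would emit one such function per library call listed in the configuration file, all funnelling into the same report path.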

  15. Using IDS Modes
     • Training mode:
       # java -jar ids.jar -c <configfile> -o <outfile> -mode train [-v|-i]
     • Complete train mode:
       # java -jar ids.jar -p <logpath> -mode completetrain
     • Monitor mode:
       # java -jar ids.jar -c <configfile> -o <outfile> -mode monitor

  16. Demonstration
