Embeddable Intrusion Detection System (IDS)


Embeddable Intrusion Detection System (IDS). Adrian P. Lauf, William H. Robinson, Vanderbilt University Institute for Software Integrated Systems Richard A. Peters, Vanderbilt University Center for Intelligent Systems. Project Description. Machine Learning Algorithm.


Adrian P. Lauf, William H. Robinson, Vanderbilt University Institute for Software Integrated Systems

Richard A. Peters, Vanderbilt University Center for Intelligent Systems

Project Description

  • Security Scenario: a network of aircraft shares position and mission information
    • A deviant node exists
    • The deviant node behaves differently
    • Connected aircraft record activities
  • Method: develop a system to provide high-level analysis of interactions in a homogeneous device network
    • An activity profile is established
    • Machine learning techniques are used to build node profiles
    • Profiles are analyzed by the IDS engine

Machine Learning Algorithm

  • Step 1: IDS analyzes inter-node requests and actions
  • Step 2: History of requests kept for each node
  • Step 3: Node activity histories aggregated in History Table
  • Step 4: Process to analyze activity
    • Organization of action labels according to Gaussian distribution
    • Detection of local maxima from summed histories
    • Gaussian normalization adjusts the tolerance factor for maxima detection
  • Step 5: Node histories added in groups of 10 occurrences to stabilize changes in behavior
  • Device interactions
    • Each device maintains its own set of node activity histories and history tables
    • Devices do not maintain information about themselves (“self” data)
    • Should multiple devices identify a deviant node, it can be excised from the network
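
Steps 1 to 5 from one device's point of view, as an added sketch that is not the authors' code (their prototype is a Java codebase). Assumptions: action labels are integers below `N_LABELS`, "tolerance" is the fraction of the global maximum a peak must reach, a peer is flagged when its most frequent label sits on a minor peak, and the `uavN` names and sample histories are constructed.

```python
from collections import Counter

N_LABELS = 16   # assumed size of the integer action-label space
GROUP = 10      # Step 5: histories are folded in groups of 10 occurrences

def histogram(actions):
    """Steps 1-2: one peer's request history as counts per action label.
    Only complete groups of GROUP actions count (assumed reading of Step 5)."""
    usable = len(actions) - len(actions) % GROUP
    counts = Counter(actions[:usable])
    return [counts.get(label, 0) for label in range(N_LABELS)]

def local_maxima(summed, tolerance):
    """Step 4: labels that peak in the summed history. A peak must reach
    tolerance * (global maximum); this meaning of tolerance is an assumption."""
    floor = tolerance * max(summed)
    padded = [0] + summed + [0]          # padded[i] / padded[i + 2] = neighbours
    return [i for i, v in enumerate(summed)
            if v > 0 and v >= floor and v > padded[i] and v >= padded[i + 2]]

def find_deviants(observer, observed, tolerance=0.05):
    """Return (peak labels, flagged peers) as seen by one device."""
    # Step 3: history table; a device keeps no history about itself.
    table = {n: histogram(a) for n, a in observed.items() if n != observer}
    summed = [sum(col) for col in zip(*table.values())]
    if not any(summed):                  # nothing observed yet
        return [], []
    peaks = local_maxima(summed, tolerance)
    normal = max(peaks, key=lambda i: summed[i])   # dominant behaviour
    minor = {p for p in peaks if p != normal}
    # Assumed rule: flag a peer whose most frequent label is a minor peak.
    flagged = sorted(n for n, h in table.items()
                     if any(h) and h.index(max(h)) in minor)
    return peaks, flagged

# Constructed sample: five peers act around label 5, one around label 12.
NORMAL = [4] * 2 + [5] * 5 + [6] * 3
SAMPLE = {f"uav{i}": list(NORMAL) for i in range(1, 6)}
SAMPLE["uav6"] = [11] * 3 + [12] * 6 + [13] * 1
SAMPLE["uav1"] = SAMPLE["uav1"] + [9, 9, 9]    # incomplete group, not counted yet

if __name__ == "__main__":
    print(find_deviants("uav1", SAMPLE))         # low tolerance
    print(find_deviants("uav1", SAMPLE, 0.5))    # high tolerance drops peak 12
```

Under these assumptions a tolerance set too high hides the minority peak, and the deviant node, which keeps no "self" data, sees only normal peers.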

Embedded Application

(Figure label: RS-232/Ethernet)

  • Data packet-level analysis has high computational costs
  • High-level abstraction of interactions can reduce this cost
    • Each agent node is equipped with a lightweight IDS
  • Prototype implementation
    • ARM9-based development board
    • Java codebase running on Linux 2.6 kernel
    • Code optimization reduces number of cycles for power reduction

IDS Performance and Future Work

  • Results using only maxima detection show promise
    • High detection accuracy achieved under test conditions (> 99%)
  • False positives appeared only under extremely low tolerance values
  • Future work: Scalability
    • Determine range of agent network sizes and deviant nodes that can be used with this IDS
  • Future work: Gaussian normalization
    • Normalization of label distribution will assist detection and eliminate manual tuning
    • Will require calibration period and possibly sample test data
  • Future work: Resource analysis
    • Prototype will yield data on power consumption and computational overhead

(Figure labels: Abstraction Levels; Implemented)

March 20, 2007