KB-IDS – Application Design Document
Knowledge-based Temporal Abstraction Host-based Intrusion Detection System for Android

Version 1.0
Team members: Uri Kanonov, Elad Ankry, Eliya Rahamim
May 18th 2009
Academic Advisor: Dr. Yuval Elovici
Technical Advisor: Asaf Shabtai

KB-IDS Application Design Document

Overview
  • Detailed system architecture
  • Brief overview of the system requirements
  • Main classes – Agent
  • Overview of the KBTA algorithm
  • Main classes – KBTA Processor
  • Overview of User Interface
  • Tasks List
  • Questions?


Global architecture

Architecture diagram (component labels recovered from the slide): Agent, Threat Weighting Unit, Service, Graphical User Interface, SQLite, Processors (KBTA, NetProtect), Control Center.


Primary system requirements

Functional
  • Agent
    • Feature extraction
    • Sending of extracted features to processors and Control Center
    • Receive alerts from the Threat Weighting Unit
  • KBTA Processor
    • Processing according to the KBTA algorithm
    • Producing threat assessments
  • Threat Weighting Unit
    • Threat assessment weighting
    • Sending of assessments to the Agent

Non-Functional
  • Overall CPU usage should be under 10% (must be lightweight)


Agent - main classes

Class diagram (labels recovered from the slide): Agent, Graphical User Interface, Configuration Manager, Service, Alert Handler, Processor Manager, Feature Manager, Monitored Data, Processor, Feature Extractor, SQLite; surrounding components: NetProtect, Control Center, Threat Weighting Unit, Processors (KBTA), Linux Kernel, Application Framework.


Overview of the KBTA Algorithm
  • Time-Stamped Raw Data:
    • Primitive Parameters
    • Events
  • Higher Level Meaningful Temporal Information:
    • Contexts
    • Abstractions (Trends, States)
    • Temporal Patterns
  • Knowledge (KBTA Security ontology)
  • Four inference mechanisms:
    • Temporal Context Forming
    • Contemporaneous Abstraction
    • Temporal Interpolation
    • Temporal Pattern Matching

Securing Android-based Devices T+9

Overview of the KBTA Algorithm

    // Java-style pseudocode from the slide, re-indented. The loop re-runs the
    // first three inference mechanisms while newly added instances remain
    // unprocessed; pattern matching runs once over the settled instances.
    Ontology ontology;
    InstanceContainer instances;

    void incrementalKBTA(List<Primitive> primitives, List<Event> events) {
        instances.add(primitives);
        instances.add(events);
        while (instances.hasNew()) {
            createContexts(instances, ontology);          // temporal context forming
            createAbstractions(instances, ontology);      // contemporaneous abstraction
            interpolateAbstractions(instances, ontology); // temporal interpolation
        }
        createPatterns(instances, ontology);              // temporal pattern matching
    }


Overview of the KBTA Algorithm - Example Scenario

Timeline diagram (labels recovered from the slide; legend: Primitive, Context, State, Alert):
  • Apps_With_Permission_Camera (primitive): amount of non-system applications with the Camera permission
  • Many_Apps_With_Camera_Permission (context)
  • Pictures_Taken (primitive): amount of pictures taken in the last 2 minutes
  • Camera_Usage (state)
  • Camera_Abuse (alert)
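To make the four inference mechanisms concrete, here is an added Python example, written for this page and not code from the KB-IDS project, that runs the camera scenario above through an incremental loop shaped like the pseudocode on the previous slide. The element names (Apps_With_Permission_Camera, Many_Apps_With_Camera_Permission, Pictures_Taken, Camera_Usage, Camera_Abuse) come from the slide; the thresholds, the interpolation gap, the function names and the sample feature stream are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed thresholds (not values from the design document).
MANY_CAMERA_APPS_THRESHOLD = 3   # context holds while >= 3 non-system apps have the Camera permission
HIGH_CAMERA_USAGE_THRESHOLD = 5  # state is "high" while >= 5 pictures were taken in the window
WINDOW_SECONDS = 120             # the slide's "last 2 minutes"
MAX_GAP_SECONDS = 60             # interpolation joins same-valued intervals separated by at most this gap


@dataclass(frozen=True)
class Primitive:
    """Time-stamped raw parameter, as extracted by the Agent."""
    name: str
    value: int
    t: int  # seconds since monitoring started


@dataclass
class Interval:
    """A derived element (context, state or pattern) valid over [start, end]."""
    kind: str
    name: str
    start: int
    end: int
    value: str = ""


class InstanceContainer:
    """Holds raw and derived instances and tracks which primitives are still unprocessed."""

    def __init__(self):
        self.primitives, self.derived, self._new = [], [], []

    def add(self, primitives):
        self.primitives.extend(primitives)
        self._new.extend(primitives)

    def has_new(self):
        return bool(self._new)

    def take_new(self):
        batch, self._new = self._new, []
        return batch

    def select(self, kind, name, value=None):
        return [i for i in self.derived
                if i.kind == kind and i.name == name and (value is None or i.value == value)]


def create_contexts(instances, batch):
    """Temporal context forming: a high count of camera-capable apps opens the context."""
    for p in batch:
        if p.name == "Apps_With_Permission_Camera" and p.value >= MANY_CAMERA_APPS_THRESHOLD:
            instances.derived.append(Interval("context", "Many_Apps_With_Camera_Permission", p.t, p.t))


def create_abstractions(instances, batch):
    """Contemporaneous abstraction: map each Pictures_Taken sample to a Camera_Usage state."""
    for p in batch:
        if p.name == "Pictures_Taken":
            level = "high" if p.value >= HIGH_CAMERA_USAGE_THRESHOLD else "low"
            instances.derived.append(
                Interval("state", "Camera_Usage", max(0, p.t - WINDOW_SECONDS), p.t, level))


def interpolate_abstractions(instances):
    """Temporal interpolation: join same-valued intervals whose gap is at most MAX_GAP_SECONDS."""
    instances.derived.sort(key=lambda i: (i.kind, i.name, i.value, i.start))
    merged = []
    for iv in instances.derived:
        last = merged[-1] if merged else None
        if (last and (last.kind, last.name, last.value) == (iv.kind, iv.name, iv.value)
                and iv.start <= last.end + MAX_GAP_SECONDS):
            last.end = max(last.end, iv.end)
        else:
            merged.append(Interval(iv.kind, iv.name, iv.start, iv.end, iv.value))
    instances.derived = merged


def create_patterns(instances):
    """Temporal pattern matching: high camera usage inside the many-camera-apps context is Camera_Abuse."""
    alerts = []
    for ctx in instances.select("context", "Many_Apps_With_Camera_Permission"):
        for st in instances.select("state", "Camera_Usage", "high"):
            start, end = max(ctx.start, st.start), min(ctx.end, st.end)
            if start <= end:
                alerts.append(Interval("pattern", "Camera_Abuse", start, end, "alert"))
    return alerts


def incremental_kbta(instances, primitives):
    """Same control flow as the slide's incrementalKBTA (events omitted in this example)."""
    instances.add(primitives)
    while instances.has_new():
        batch = instances.take_new()
        create_contexts(instances, batch)
        create_abstractions(instances, batch)
        interpolate_abstractions(instances)
    return create_patterns(instances)


# Constructed sample feature stream (not real device data): both features sampled every 60 s.
SAMPLE_STREAM = [
    Primitive("Apps_With_Permission_Camera", 1, 0),   Primitive("Pictures_Taken", 0, 0),
    Primitive("Apps_With_Permission_Camera", 4, 60),  Primitive("Pictures_Taken", 2, 60),
    Primitive("Apps_With_Permission_Camera", 4, 120), Primitive("Pictures_Taken", 7, 120),
    Primitive("Apps_With_Permission_Camera", 4, 180), Primitive("Pictures_Taken", 9, 180),
]


def run_example():
    """Returns the Camera_Abuse alerts raised for SAMPLE_STREAM (one alert over [60, 180])."""
    return incremental_kbta(InstanceContainer(), SAMPLE_STREAM)


if __name__ == "__main__":
    for alert in run_example():
        print(f"{alert.name}: [{alert.start}s, {alert.end}s]")
```

Interpolation is what turns the point-like context instances (one per sample) into a single interval, so the pattern step can intersect it with the high-usage state; without the gap-joining step a brief sampling hiccup would split the context and could hide the pattern.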


KBTA-Processor - Main Classes

Class diagram (labels recovered from the slide): KBTA-Processor, Ontology, Instance Container, Threat Assessor, Threat Assessment, and the element classes Primitive, Event, Context, Trend, State, Pattern; surrounding components: Agent, NetProtect, Control Center, Threat Weighting Unit, Service.


Overview of User Interface

Screenshots: Main screen, Settings screen, Alert screen

Screenshots: Alert description, Alert handled


Task List
  • KBTA
    • Context Destructions: 19/05/09 - 21/05/09
    • Trend: 21/05/09 - 25/05/09
    • Pattern: 25/04/09 - 01/06/09
    • Settings Screen: 01/06/09 - 06/06/09
    • Sending elements to NetProtect: 06/06/09 - 08/06/09
  • Testing: 08/06/09 - 23/06/09



End

Questions?
