Neural Technology and Fuzzy Systems in Network Security Project Progress 2 PowerPoint PPT Presentation


Title: Neural Technology and Fuzzy Systems in Network Security Project Progress 2


1
Neural Technology and Fuzzy Systems in Network
Security Project Progress 2
  • Group 2
  • Omar Ehtisham Anwar 2005-02-0129
  • Aneela Laeeq 2005-02-0023

2
Neural Techniques
  • IPS tools are based on static rules alone
  • Neural Techniques seek to classify all new events
    and highlight those that appear most threatening
  • Neural Techniques allow the security expert to be
    the final arbiter

3
The Neural Security Layer
  • Fuzzy Clustering
      • Creates a baseline profile of the network in
        various states by training itself
      • Establishes patterns and does not determine an
        exact profile of what a user does
      • Uses algorithms that identify these patterns and
        separate clusters accordingly
  • Kernel Classifier
      • Determines which existing cluster a new event
        most likely belongs to
      • Classifies events according to how far away they
        are from the norm (any existing cluster)
      • Events farthest away bubble to the top where
        administrators take manual action
      • Uses algorithms based on non-linear distribution
        laws, which use statistics to track what happens
        over extended periods of time

4
  • Clusters
      • A set of XML files that become model filters or
        knowledge base for the network resource being
        monitored
      • The knowledge base is continually updated based
        on:
          • Results of day-to-day activities
          • Data from third-party sources, such as IDS
            signatures

5
Six Steps to Producing Security Intelligence
  • Designate Data: Data can be system log entries or
    any other raw or formatted measure of activity in
    the environment.
  • Model Analyst Expertise: Variables, weights,
    centers and pertinent event knowledge that comprise
    the analytic or data mining model are configured
    based on the specific analysis requirements and
    the unique attributes of the particular
    environment.
  • Train Model: Process of organizing the designated
    security data into multi-dimensional event
    vectors within the context of the analytic
    models. This establishes the baseline activity.
  • Generate Knowledge: Live or offline data is
    compared against the contents of the training
    baseline and classified accordingly.
  • Teach Model: User supervision and infusion of
    expert knowledge are essential to accurate event
    classification and system base-lining and to
    filter out non-threatening anomalous activity.
  • Leverage Knowledge: System output is invaluable
    for the real-time or offline analysis, detection
    and prevention of any type of potential
    internal and external criminal activity or system
    misuse.

6
Neural Security (NS) Tool
  • Monitors activity on Microsoft Internet
    Information Server (IIS) Web servers
  • Preconfigured to monitor activity on a single IIS
    server or an entire server farm
  • In training mode, examines IIS logs to determine
    normal activity of the server and creates its
    clusters
  • Comes with a knowledge base of known IIS exploits
  • Unlike rule-based security systems, NS quickly
    adapts to each unique installation and will
    continue to adapt as more information is added to
    its knowledge base

7
Neural Security (NS) Tool
  • Training Mode
      • Organize IIS-specific data into clusters that
        reflect normal use patterns (both trusted and
        untrusted) within the server environment
      • Process of organizing clusters is guided through
        the use of a built-in knowledge base of published
        attack signatures
  • Monitor Mode
      • Compare all incoming requests to IIS against the
        Training Database to determine whether each falls
        within acceptable distance of trusted activity
      • Within limits of trusted activity: process
        continues
      • Outside limits of trusted activity: initiate
        whatever action has been configured, e.g. post an
        on-screen alert, block untrusted connection or
        shut down IIS
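
The training and monitor modes above, sketched as an added example (not the NS tool's code and not from the presentation): fuzzy c-means builds cluster centers from IIS log lines, and new requests are ranked by distance to the nearest center. The log lines, the three features, plain Euclidean distance standing in for the kernel classifier, and the 3x tolerance factor are all assumptions.

```python
import math

# Constructed IIS W3C-style lines: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
TRAIN = [
    "2024-01-05 10:00:01 10.0.0.5 GET /index.html - 200",
    "2024-01-05 10:00:02 10.0.0.6 GET /about.html - 200",
    "2024-01-05 10:00:03 10.0.0.7 GET /images/logo.gif - 200",
    "2024-01-05 10:00:04 10.0.0.5 GET /app/search.aspx q=shoes&page=2 200",
    "2024-01-05 10:00:05 10.0.0.8 GET /app/search.aspx q=red+hats&page=1 200",
    "2024-01-05 10:00:06 10.0.0.9 GET /app/search.aspx q=coats&page=3 200",
]
# Constructed monitor-mode input: one ordinary request, one oversized encoded query
NEW = [
    "2024-01-06 09:00:01 10.0.0.5 GET /contact.html - 200",
    "2024-01-06 09:00:02 10.0.0.99 GET /app/search.aspx q=" + "%41" * 60 + " 200",
]

def features(line):
    """Event vector (assumed features): URI length, odd query chars, status class."""
    stem, query, status = line.split()[4:7]
    query = "" if query == "-" else query
    odd = sum(not ch.isalnum() for ch in query)
    return (float(len(stem) + len(query)), float(odd), float(int(status) // 100))

def fuzzy_cmeans(points, c=2, m=2.0, iters=50):
    """Training mode: fuzzy c-means (c >= 2); returns the baseline cluster centers."""
    centers = [points[i * (len(points) - 1) // (c - 1)] for i in range(c)]  # fixed init
    for _ in range(iters):
        w = []  # membership**m of every point in every cluster
        for p in points:
            inv = [(math.dist(p, ctr) ** 2 + 1e-9) ** (-1.0 / (m - 1)) for ctr in centers]
            w.append([(v / sum(inv)) ** m for v in inv])
        centers = [tuple(sum(row[j] * p[k] for row, p in zip(w, points)) /
                         sum(row[j] for row in w) for k in range(len(points[0])))
                   for j in range(c)]
    return centers

def score(line, centers):
    """Monitor mode: distance from the event to its nearest cluster center."""
    return min(math.dist(features(line), ctr) for ctr in centers)

def rank(lines, centers):
    """Events farthest from every cluster come first, for manual review."""
    return sorted(lines, key=lambda ln: score(ln, centers), reverse=True)

CENTERS = fuzzy_cmeans([features(ln) for ln in TRAIN])
LIMIT = 3 * max(score(ln, CENTERS) for ln in TRAIN)  # assumed tolerance factor
for ln in rank(NEW, CENTERS):
    print("ALERT" if score(ln, CENTERS) > LIMIT else "ok   ", ln[:60])
```

Re-running `fuzzy_cmeans` after an analyst relabels events corresponds to the re-train step on the maintenance slide.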

8
Neural Security (NS) Tool
  • Maintenance
      • Proper classification of events is essential
      • Maintain as Security Alerts are displayed, or
      • Review Security Alert Log periodically
      • After re-classification of events, Re-Train
        database
      • NS remembers correct classification and
        characteristics of events, which is then
        applicable to the analysis of subsequent events