Computer%20Account%20Hijacking%20Detection%20Using%20a%20Neural%20Network

1
Computer Account Hijacking Detection Using a
Neural Network

• Nick Pongratz
• Math 340

2
Neural Networks- Example Simple Network -
! graphic taken from http//blizzard.gis.uiuc.ed
u/htmldocs/Neural/neural.html
3
Neural Networks- Backpropagation -
! graphic taken from http//blizzard.gis.uiuc.ed
u/htmldocs/Neural/neural.html
4
Computer Security Introduction

• General computer use is skyrocketing.
• Growing reliance on networks.
• Greater need to keep the bad guys out.

5
Computer Security Introduction

• Reactive Security
• Proactive Security

6
Computer Security Introduction- Reactive
Security -

• Break-in already occurred or is occurring.
• Minimize/repair damage already done.
• Patch the system against further similar attacks.

7
Computer Security Introduction- Reactive
Security -

• Current applicationsMost virus scannersMisuse
  detectionMost Intrusion Detection Systems

8
Computer Security Introduction- Proactive
Security -

• Strong passwords and correct permissions.
• Secure software and operating systems.
• Find system insecurities before bad guys do.
• Physical security.
• Self-adapting, smart systems.

9
Computer Security Introduction- Proactive
Security -

• Current applicationsSelf-assessmentSome virus
  scanners heuristicsAnomaly detection

10
Intrusion Detection Systems- General Info -

• Most are reactive.
• Detect strange behavior.
• Analyze user I/O, network I/O, processes.
• Look for misuse and anomalies.

11
Intrusion Detection Systems- Misuse Detection -

• Compare activity with signatures of known
  attacks.
• Signatures typically hand-coded.
• Good for known attacks
• Bad for previously unknown attacks

12
Intrusion Detection Systems- Anomaly Detection -

• Compare activity with typical activity
• Fingerprints
• Adaptive
• Good for detecting unusual behavior.
• Not great for realtime monitoring.

13
MY PROJECT

• Neural Network Anomaly Detection System

14
Neural Network Anomaly Detection System

• Currently analyses user behavior
• Checks against fingerprints
• Extendable
• Adaptive
• Semi-hybrid Mostly reactive, has proactive
  elements

15
Neural Network Anomaly Detection System- Neural
Net Technical Details -

• Currently implemented in MATLAB.
• Object-oriented.
• Uses a feedforward backpropagation neural
  network.
• Input vector of command-use frequency.
• Output vector of true/false guesses of the
  corresponding users.

16
Neural Network Anomaly Detection System- System
Details -

1. Sysadmin runs logs through trained network.
2. System reports the status of the results.
3. Admin (or an automation system) acts on report.

17
Neural Network Anomaly Detection System- Pros
and Cons -

• ProsAccurateExtendableAdjusts
• ConsAfter-the-fact (not realtime)Training data
  MUST be legitimateTraining can take a whileOne
  part of complete security system

18
Neural Network Anomaly Detection System- Future
Directions -

• Extend to network communication.
• Extend to running processes.
• Include progression information in training.
• Realtime (?)
• Automatic response automation (?)

19
Any Questions, Comments, Protests, a Summer Job
For Me?
Thank You!

• Nick Pongratznjpongratz_at_students.wisc.edu
• http//www.cs.wisc.edu/nicholau/