modeling prediction and diagnosis for network security
play

Modeling, prediction and diagnosis for network security Alfred Hero - PowerPoint PPT Presentation

Dec 04, 2023 •235 likes •432 views

Modeling, prediction and diagnosis for network security Alfred Hero University of Michigan 1. Network monitoring and tomography 2. Science of security: opportunities 3. Concluding remarks Alfred Hero NSF-IARPA SOS Workshop Nov 2008 1.

  1. Modeling, prediction and diagnosis for network security Alfred Hero University of Michigan 1. Network monitoring and tomography 2. Science of security: opportunities 3. Concluding remarks Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  2. 1. Network monitoring and tomography • Internally sensed network tomography (Treichler05, Rabbat06) C A ? D B E • End-point prediction and tracking(Justice06) ? ? ? ? ? ? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  3. 2. Science of security: opportunities • Science of Security • Scientific method – Sparse, incomplete? – Observation – Model selection? – Hypothesis – Baseline drift? – Prediction – Observer effect? – Experiment – Benchmarks? – Evaluation Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  4. Observation • Challenge: Critical security breaches are covert, rare, and non-repeatable – Any set of observations will necessarily be sparse and incomplete – Persistent and pervasive multimodal monitoring impractical Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  5. Cross-fertilizations • Information-driven sensor management – Plan-ahead learning with POMDP (Carin:06, Blatt06) – Q-learning for reactive targets (Kreucher:06) – Performance prediction (H07, Castanon08) • ISNT applications (Rabbat08,Justice06), but more research needed – Necessary and sufficient sampling rate? – Distributed processing and inference? – Scalable algorithms and approximations? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  6. Hypothesis • Challenge: infer stable models of attack and ambient behaviors that can be reliably tested – Central question: how to discover hidden latent structure of partially observed variables? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  7. Cross-fertilizations • Statistical model selection: how many attack patterns are there and how to identify them? • Unsupervised hypothesis generation – Bayesian factor analysis (West05) – Information driven PCA (FINE, IPCA) (Carter08_b) – Complexity filtering (Carter08_a) – Social networks of behavoir (Xu09) • How to make these approaches scalable to whole network security applications? Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  8. Complexity filtering (Carter:08_a) Intrinsic dimension estimator Abilene Netflow data (Total number packets) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  9. SocNet of SPAM harvestors (Xu:09) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  10. SocNet of SPAM harvestors (Xu:09) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  11. Prediction • Challenge: learn truly predictive and generalizable models that – Track dynamic shifts over time or space – Extract information from high dimension – Integrate uncalibrated diverse data types Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  12. Cross-fertilizations • Predictive anomaly detection –Transductive learning (Scott08) – Geometric entropy minimization (H06) • Flexible graphical/topological models • How to make these methods scalable? –decomposable version of Lakhina04's PCA for whole-network diagnosis Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  13. Dynamic dwMDS for Abilene (Patwari:05) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  14. Experiment • Challenge: simulation relies on stale or speculative models while real-world data collection is difficult due to – Disruption of infrastructure – Unreliable ground truth – Significant “observer effects” Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  15. Cross-fertilizations • Adversarial experiment design approaches – Dynamic generalizations of adversarial classification (ACRE, Lowd&Meek06, Dalvi04 ) and greedy minimax (Kraus07) – RL w observer effect (Kreucher06, Murphy06) • Design of experiments for medical clinical trials have similar constraints Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  16. Evaluation • Challenge: establish reliable methods of on- line and offline performance prediction – Incomplete label information/ground truth – Curse of dimensionality • require order 1/ e p samples to determine the values of p experimental variables within error e Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  17. Cross-fertilizations • Bayesian meta-analysis: what is posterior uncertainty of predicted estimation error? • DOE benchmarking: what is theoretically attainable algorithm performance? – Coding and information theory • Error exponents, Fano, Rate-Distortion bounds • Tradeoffs between security and usability (H03) – Minimax, maximax and minimin performance prediction: function estimation and imaging (BickelRitov:90,KostolevTsybakov:93) Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

  18. 3. Final remarks • Developing a Science of Security is challenging. • Leverage from other disciplines with high throughput data – Image reconstruction and tomography – Social networks and economic behavior models – Genetics, immunology, and epidemioogy • Main open problems – Adversarial learning environment – Rapidly changing baseline – Data impoverishement – Scalable plan ahead sampling Alfred Hero NSF-IARPA SOS Workshop – Nov 2008

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Syslog Processing for Switch Failure Diagnosis and Prediction in Datacenter Networks Shenglin

Syslog Processing for Switch Failure Diagnosis and Prediction in Datacenter Networks Shenglin

Syslog Processing for Switch Failure Diagnosis and Prediction in Datacenter Networks Shenglin Zhang, Weibin Meng, Jiahao Bu, Sen Yang Dan Pei, Ying Liu, Jun (Jim) Xu, Yu Chen, Hui Dong, Xianping Qu, Lei Song 9/21/2017 IWQOS 2017 1 Network

645 views • 45 slides
Sentiment Classification User Modeling with Neural Network for Review Rating Prediction. Duyu

Sentiment Classification User Modeling with Neural Network for Review Rating Prediction. Duyu

User Behavior Analysis for Sentiment Classification User Modeling with Neural Network for Review Rating Prediction. Duyu Tang, Bing Qin, Ting Liu. IJCAI 2015, full paper. Learning Semantic Representations of Users and Products for Document

514 views • 16 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Part-II Parametric Signal Modeling and Linear Prediction Theory 3. Linear Prediction Electrical

Part-II Parametric Signal Modeling and Linear Prediction Theory 3. Linear Prediction Electrical

3 Linear Prediction Appendix: Detailed Derivations Part-II Parametric Signal Modeling and Linear Prediction Theory 3. Linear Prediction Electrical & Computer Engineering University of Maryland, College Park Acknowledgment: ENEE630 slides

392 views • 28 slides
1 Description Mur Modeling Prior to 4-way handshake, we assume:

1 Description Mur Modeling Prior to 4-way handshake, we assume:

Scenario: 802.11 Analysis of 4-way handshake protocol in IEEE 802.11i Wired Network Changhua He Stanford University Security ! Mar. 04, 2004 An example of a 802.11 wireless local area network History of Security Concerns Terms

285 views • 3 slides
An Embedding-Based Approach for Oral Disease Diagnosis Prediction from Electronic Medical

An Embedding-Based Approach for Oral Disease Diagnosis Prediction from Electronic Medical

An Embedding-Based Approach for Oral Disease Diagnosis Prediction from Electronic Medical Records Source: ICMHI 2018 Advisor: Jia-Ling Koh Speaker: Chih-Hsuan Tzang Date: 2019/3/18 1 Introduction Method Experiment

542 views • 24 slides
Final Defense Unified Prediction and Diagnosis in Engineering Systems by means of Distributed

Final Defense Unified Prediction and Diagnosis in Engineering Systems by means of Distributed

Final Defense Unified Prediction and Diagnosis in Engineering Systems by means of Distributed Belief Networks Robert H. Dodier Joint Center for Energy Management University of Colorado at Boulder 1 Problem Domain and Proposed Solution

539 views • 40 slides
Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances

Hierarchical ERG models Fast Variational Algorithms for Statistical Network Modeling and other network modeling advances David Hunter Michael Schweinberger Duy Vu Ruth Hummel Department of Statistics, Penn State University MURI meeting, Nov

521 views • 34 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Dipole : Diagnosis Prediction in Healthcare via Attention- based Bidirectional Recurrent Neural

Dipole : Diagnosis Prediction in Healthcare via Attention- based Bidirectional Recurrent Neural

Dipole : Diagnosis Prediction in Healthcare via Attention- based Bidirectional Recurrent Neural Networks Author: Fenglong Ma, Radha Chitta, Jing Zhou, Quanzeng You, Tong Sun, Jing Gao Source: KDD '17 Advisor: Jia-Ling Koh Speaker: Shih-Han Lo

248 views • 23 slides
Interpreting mechanisms of prediction for skin cancer diagnosis using multi-task learning D.

Interpreting mechanisms of prediction for skin cancer diagnosis using multi-task learning D.

Interpreting mechanisms of prediction for skin cancer diagnosis using multi-task learning D. Coppola 1 (speaker) H. K. Lee 1 , C. Guan 2 1 Bioinformatics Institute, A*STAR, Singapore 2 School of Computer Science and Engineering, NTU, Singapore

357 views • 23 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan

CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan

CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Stefan Savage, David Wagner, and Nick Weaver Threat Modeling for Network Attacks Basic security goals:

804 views • 31 slides
Prediction of cardiac regenerative therapy response by imaging and modeling Frebus van Slochteren

Prediction of cardiac regenerative therapy response by imaging and modeling Frebus van Slochteren

Prediction of cardiac resynchronization therapy response by imaging and modeling Digital Health Stage Prediction of cardiac regenerative therapy response by imaging and modeling Frebus van Slochteren PhD Department of Cardiology University

466 views • 10 slides
A Deep Learning Pipeline for Patient Diagnosis Prediction Using Electronic Health Records BIOKDD

A Deep Learning Pipeline for Patient Diagnosis Prediction Using Electronic Health Records BIOKDD

A Deep Learning Pipeline for Patient Diagnosis Prediction Using Electronic Health Records BIOKDD 2020 19th International Workshop on Data Mining in Bioinformatics Leopold Franz, Dr. Yash Raj Shrestha, Dr. Bibek Paudel 1 | | 29.05.2020

502 views • 23 slides
Types of Expert Systems Interpretation Systems Prediction Systems Diagnosis Systems

Types of Expert Systems Interpretation Systems Prediction Systems Diagnosis Systems

Types of Expert Systems Interpretation Systems Prediction Systems Diagnosis Systems Design Systems Planning Systems Monitoring Systems Debugging Systems Repair Systems Instruction Systems Control

329 views • 7 slides
Lifelong Sequential Modeling for User Response Prediction Kan Ren, Jiarui Qin, Yuchen Fang,

Lifelong Sequential Modeling for User Response Prediction Kan Ren, Jiarui Qin, Yuchen Fang,

Lifelong Sequential Modeling for User Response Prediction Kan Ren, Jiarui Qin, Yuchen Fang, Weinan Zhang, Lei Zheng, Yong Yu Weijie Bian, Guorui Zhou, Jian Xu, Xiaoqiang Zhu, Kun Gai May 2019 User Response Prediction Predict the

725 views • 16 slides
AUTO-CAAS: Model-Based Fault Prediction and Diagnosis of Automotive Software . Wojciech

AUTO-CAAS: Model-Based Fault Prediction and Diagnosis of Automotive Software . Wojciech

. AUTO-CAAS: Model-Based Fault Prediction and Diagnosis of Automotive Software . Wojciech Mostowski Halmstad University, Sweden . AstaZero Researchers Day 2016 . hh.se . . . . . Outline 1 Project overview 2 Consortium 3 Model-based

311 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
CSE 127: Introduction to Security Lecture 13: Network Attacks Deian Stefan UCSD Fall 2020

CSE 127: Introduction to Security Lecture 13: Network Attacks Deian Stefan UCSD Fall 2020

CSE 127: Introduction to Security Lecture 13: Network Attacks Deian Stefan UCSD Fall 2020 Material from Nadia Heninger, Stefan Savage, David Wagner, and Nick Weaver Threat modeling for network attacks Basic security goals:

1.11k views • 39 slides
CSE 127: Introduction to Security Lecture 10: Network Attacks Deian Stefan UCSD Winter 2020

CSE 127: Introduction to Security Lecture 10: Network Attacks Deian Stefan UCSD Winter 2020

CSE 127: Introduction to Security Lecture 10: Network Attacks Deian Stefan UCSD Winter 2020 Material from Nadia Heninger, Stefan Savage, David Wagner, and Nick Weaver Threat Modeling for Network Attacks Basic security goals:

585 views • 36 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides

More recommend