Mayukh Dass
Artificial Intelligence Center, University of Georgia
Athens, Georgia, U.S.A.
Contents
• What is Intrusion Detection?
• How is it affecting society?
• What are the present techniques used?
• What is new in LIDS?
• Why should we use autonomous agents?
• What are the components of LIDS?
• Is LIDS working?
• What is left to do in the future?
Intrusion Detection
Problem of identifying unauthorized users.
Protect the system from being compromised.
2 categories:
• Misuse Detection
• Anomaly Detection
Revenue loss in 2002 = $455,848,000 (CSI/FBI Computer Crime and Security Survey, 2002).
Invaders of the civilization
Altruistic side of hacking
Next-generation hackers
Intrusions provide jobs
Intrusion Detection Techniques
• Rule-based
• Data Mining
• Artificial Neural Network
• Genetic Algorithm
• Statistical Methods
• Agent framework:
    • Autonomous Agents
    • Intelligent Agent
    • Mobile Agents
• Mapping Human Immunization
Commercial Intrusion Detection Systems
• they are rule based.
• high maintenance cost.
• not very reliable.
• large number of false positive alerts.
• not very flexible.
• non-scalable (Snort: for “average” system).
• high overall cost.
Examples: Snort, SHADOW, and so on.
Reliable Network Security System.
What??
Features of LIDS: Learning Intrusion Detection System.
• Reliable.
• Flexible.
• Behavior based.
• Blackboard-based architecture.
• Controlled by autonomous agents.
• Learning and adapting capability.
• Low maintenance cost.
• Uses building blocks of computational intelligence as intrusion analyzer.
• Low rate of false positive alarm.
Why should we use Autonomous Agents for detecting Intrusion in the network?
• Runs continually.
• Fault tolerant.
• Resists subversion (monitors itself)
• Minimal overhead
• Configurable
• Adaptable
• Scalable
• Graceful degradation of service
• Dynamic reconfiguration.
Autonomous Agents
• Network Reader
• Initial Analyzer
• Initial Alert Agent
• System data Reader
• Attack Classifier (GA-based filter)
• ANN Analyzer
• Teaching Agent
• Report Generator
GENERATED REPORTS
Future Directions
Complete building the learning agent of LIDS.
Test LIDS in a more complex environment.
Add new functionalities like visual representation of the reports.
Try to increase the speed and optimization of the processes.
Acknowledgement
Dr. J. Cannady
Dr. D. Potter
Dr. D. Nute
Dr. R. McClendon