NetGA talk transcript: http://brie.com/brian/netga/ (Brian E. Lavender)
http://brie.com/brian/netga/
Who am I?
Brian E. Lavender
Computer Science
Legislative Data Center (Work)
SNORT Experience
Custom rules to identify attacks
Statistical Packet Anomaly Detection Engine
SNORT Plugin. Disappeared!!!
MS Project – What to do?
Network Security
Artificial Intelligence
nProbe (Luca Deri)
Genetic Algorithm Paper (Ren Hui Gong)
NetGA: http://brie.com/brian/netga/
Integration and further development (Me!)
How the Genetic Algorithm Works!
Training Data
Training Data Source: DARPA
http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1998data.html
Training Data

| Duration (H M S) | Protocol | SRC PORT | DST PRT | SRC IP | DST IP | Attack Type |
|---|---|---|---|---|---|---|
| 0 0 11 | ftp | 1892 | 21 | 192.168.1.30 | 192.168.0.20 | - |
| 0 0 0 | smtp | 1900 | 25 | 192.168.1.30 | 192.168.0.20 | - |
| 0 0 2 | rsh | 1023 | 1021 | 192.168.1.30 | 192.168.0.20 | rcp |
| 0 0 23 | telnet | 1906 | 23 | 192.168.1.30 | 192.168.0.20 | guess |
| 0 0 14 | rlogin | 1022 | 513 | 192.168.1.30 | 192.168.0.20 | rlogin |
| 0 0 2 | rsh | 1022 | 1021 | 192.168.1.30 | 192.168.0.20 | rsh |
| 0 0 15 | ftp | 43549 | 21 | 192.168.0.40 | 192.168.0.20 | - |
| 0 0 40 | telnet | 1914 | 23 | 192.168.1.30 | 192.168.0.20 | guess |
| 0 1 24 | telnet | 43560 | 23 | 192.168.0.40 | 192.168.0.20 | - |
| 0 0 13 | ftp | 43566 | 21 | 192.168.0.40 | 192.168.0.20 | - |

Make rules that match only attacks (the orange rows on the slide)!
Individual Chromosome

| Feature Name | Format | Number of Genes |
|---|---|---|
| Duration | h:m:s | 3 |
| Protocol | Int | 1 |
| Source_port | Int | 1 |
| Destination_port | Int | 1 |
| Source_IP | a.b.c.d | 4 |
| Destination_IP | a.b.c.d | 4 |
| Attack_name | Int | 1 |
Individual Evolution
Individual Elitism
Old Population -> New Population
Clone the two best of each attack type
Individual Crossover: Making Children

| | Duration (H M S) | Protocol | SRC PORT | DST PRT | SRC IP | DST IP | Attack Type |
|---|---|---|---|---|---|---|---|
| Parent 1 | -1 0 -1 | rsh | -1 | 1021 | 192.168.-1.-1 | 192.168.0.-1 | rsh |
| Parent 2 | 0 0 2 | rsh | -1 | 1021 | 192.168.1.30 | 192.168.0.20 | guess |
| New Child 1 | -1 0 -1 | rsh | -1 | 1021 | 192.168.1.30 | 192.168.0.-1 | rsh |
| New Child 2 | 0 0 2 | rsh | -1 | 1021 | 192.168.-1.-1 | 192.168.0.20 | guess |

Midsection Crossover
Individual Mutation

| Duration (H M S) | Protocol | SRC PORT | DST PRT | SRC IP | DST IP | Attack Type |
|---|---|---|---|---|---|---|
| 0 0 2 | rsh | -1 | 1021 | 192.168.-1.30 | 192.168.0.-1 | rsh |

Mutation: -1
Only happens on rare occasions
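The chromosome, rule matching, fitness, midsection crossover and mutation from slides 11 to 15, as an added Python example (not code from NetGA or from Gong's paper). It assumes that a -1 gene means "don't care", the fitness formula is a simplification of my own (recall on the rule's own attack type minus the share of all other connections the rule also catches), and the training rows are copied from slide 10.

```python
import random

# Training rows copied from slide 10: h m s proto sport dport src(4) dst(4) attack
TRAINING_TEXT = """\
0 0 11 ftp 1892 21 192 168 1 30 192 168 0 20 -
0 0 0 smtp 1900 25 192 168 1 30 192 168 0 20 -
0 0 2 rsh 1023 1021 192 168 1 30 192 168 0 20 rcp
0 0 23 telnet 1906 23 192 168 1 30 192 168 0 20 guess
0 0 14 rlogin 1022 513 192 168 1 30 192 168 0 20 rlogin
0 0 2 rsh 1022 1021 192 168 1 30 192 168 0 20 rsh
0 0 15 ftp 43549 21 192 168 0 40 192 168 0 20 -
0 0 40 telnet 1914 23 192 168 1 30 192 168 0 20 guess
0 1 24 telnet 43560 23 192 168 0 40 192 168 0 20 -
0 0 13 ftp 43566 21 192 168 0 40 192 168 0 20 -"""
ATTACK = 14  # index of the attack-name gene; genes 0..13 are the 14 match fields

def parse_row(line):
    # "0 0 2 rsh -1 1021 ... rsh" -> 15 genes; numbers become ints, names stay str
    return [int(t) if t.lstrip("-").isdigit() else t for t in line.split()]

TRAINING = [parse_row(l) for l in TRAINING_TEXT.splitlines()]

def matches(rule, conn):
    # assumption: -1 is a "don't care" gene, so only non-wildcard genes must agree
    return all(r == -1 or r == c for r, c in zip(rule[:ATTACK], conn[:ATTACK]))

def fitness(rule, data=TRAINING):
    # assumed scoring (not the project's formula): recall on the rule's own attack
    # type minus the fraction of every other connection the rule also catches
    own = [c for c in data if c[ATTACK] == rule[ATTACK]]
    other = [c for c in data if c[ATTACK] != rule[ATTACK]]
    rate = lambda rows: sum(matches(rule, c) for c in rows) / max(len(rows), 1)
    return rate(own) - rate(other)

def midsection_crossover(p1, p2, lo, hi):
    # children swap the gene block lo..hi inclusive; slide 14 swaps the last two
    # source-IP octets, i.e. lo=8, hi=9
    c1, c2 = list(p1), list(p2)
    c1[lo:hi + 1], c2[lo:hi + 1] = p2[lo:hi + 1], p1[lo:hi + 1]
    return c1, c2

def mutate(rule, rate, rng=random):
    # rarely (slide 15), one randomly chosen match gene becomes the wildcard
    child = list(rule)
    if rng.random() < rate:
        child[rng.randrange(ATTACK)] = -1
    return child
```

With the mutated rule from slide 15, `fitness` scores 1 - 1/9: it catches the one rsh row but also the rcp row that shares the same rsh connection shape, which is exactly the false match a real fitness function has to penalise.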
Individuals Start!

```
00,-1,-1 exec   00043517 00000079 192.168.001.040 010.168.000.020 guess      Fitness 0.0000
00,-1,02 ftp    00001847 00001021 192.168.001.030 192.168.000.020 guess      Fitness 0.0000
00,-1,-1 exec   00043517 00000079 192.168.001.040 010.168.000.020 guess      Fitness 0.0000
00,-1,02 ftp    00001847 00001021 192.168.001.030 192.168.000.020 guess      Fitness 0.0000
00,01,42 ftp    00043538 00000513 192.168.000.030 010.168.000.020 rcp        Fitness 0.0000
00,01,23 rlogin 00001769 00000512 192.168.000.040 010.168.000.020 rcp        Fitness 0.0000
00,01,57 smtp   -0000001 00000512 192.-01.000.030 010.168.000.-01 port-scan  fitness 0.0000
```
Individuals Finish!

```
00,00,14 rlogin -0000001 00000513 192.168.001.030 192.168.000.020 rsh        fitness is 0.8031
00,00,14 rlogin -0000001 00000513 192.168.001.030 192.168.000.020 rsh        fitness is 0.8031
00,00,04 rlogin -0000001 -0000001 192.168.001.030 192.168.000.020 port-scan  fitness is 0.8031
00,-1,23 telnet -0000001 00000023 192.168.001.030 192.168.000.020 guess      fitness is 0.8063
00,-1,05 -0001  -0000001 -0000001 192.168.001.030 192.168.000.020 port-scan  fitness is 0.8063
-1,-1,05 -0001  -0000001 -0000001 192.168.001.030 192.168.000.020 port-scan  fitness is 0.8063
00,-1,23 telnet -0000001 00000023 192.168.001.030 192.168.000.020 guess      fitness is 0.8063
```
nProbe Layout
The NetGA plugin matches against the connection pool in nProbe.
nProbe Code Development and Testing

Dummy interface (the kernel module is `dummy`; loading it creates `dummy0`):

```
# modprobe dummy
# ifconfig dummy0 0.0.0.0
```

TCP replay:

```
# tcpreplay -i dummy0 sample_data01.tcpdump
```

Run nProbe:

```
# nprobe -i dummy0 --netGA=<netga.conf> <other options>
```
NetGA
http://brie.com/brian/netga/
Isaac Newton