PPT-Application of the Complex Event Processing system for anomaly detection and network monitoring

Marek Pawłowski Gerard Frankowski Marcin Jerzak Maciej Miłostan Tomasz Nowak Poznań Supercomputing and Networking Center Agenda Introduction System Architecture . John Plummer, Jeff Johnson. Introduction. What is CEP ?. Typical Application and Architecture. Event Query Languages. Event Processing Examples. NEsper. BizTalk RFID. Demo. Agenda. “Complex Event Processing (CEP) is a set of techniques and tools to help understand and control event-driven Information Systems”. -. Traffic Video Surveillance. Ziming. Zhang, . Yucheng. Zhao and . Yiwen. Wan. Outline. Introduction. &Motivation. Problem Statement. Paper Summeries. Discussion and Conclusions. What are . Anomalies?. Introduction and Use Cases. Derick . Winkworth. , Ed Henry and David Meyer. Agenda. Introduction and a Bit of History. So What Are Anomalies?. Anomaly Detection Schemes. Use Cases. Current Events. Q&A. Anomaly Detection for. Cyber Security. Presentation by Mike Calder . Anomaly Detection. Used for cyber security. Detecting threats using network data. Detecting threats using host-based data. In some domains, anomalies are detected so that they can be removed/corrected. Intruders. WenZhan. Song. Cryptography and Network Security. 1. Intruders. Three classes of intruders:. Examples of Intrusion. Performing a remote root compromise of an e-mail server. Defacing a Web server. Paper by: T. Bowen. Presented by: Tiyseer Al Homaiyd. 1. Introduction: . Intrusions: show observable events that deviate from the . norm.. Survivable system usually focus on detecting intrusions rather than preventing or containing damage. . Problem motivation. Machine Learning. Anomaly detection example. Aircraft engine features:. . = heat generated. = vibration intensity. …. (vibration). (heat). Dataset:. New engine:. Density estimation. Craig Buchanan. University of Illinois at Urbana-Champaign. CS 598 MCC. 4/30/13. Outline. K-Nearest Neighbor. Neural Networks. Support Vector Machines. Lightweight Network Intrusion Detection (LNID). Anomaly-based . Network Intrusion . Detection (A-NIDS). by Nitish Bahadur, Gulsher Kooner, . Caitlin Kuhlman. 1. PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management [Online]. Available: . &. Intrusion . Detection Systems. 1. Intruders. Three classes of intruders:. Examples of Intrusion. Performing a remote root compromise of an e-mail server. Defacing a Web server. Guessing and cracking passwords. Fourth Edition. By: William Stallings and Lawrie Brown. Chapter . 8. Intrusion Detection. Classes of Intruders –. Cyber Criminals. Individuals or members of an organized crime group with a goal of financial reward. Shilin . He. ,. . Jieming. Zhu, . Pinjia. . He,. and Michael R. . Lyu. Department of Computer Science and Engineering, . The Chinese University of Hong Kong, Hong Kong. 2016/10/26. Background & Motivation. Project Lead: . Farokh. . Bastani. , I-Ling Yen, . Latifur. Khan. Date: April 7, 2011. 2010/Current Project Overview. Self-Detection of Abnormal Event Sequences. 2. Tasks:. Prepare Cisco event sequence data for analysis tools.. 14. . World-Leading Research with Real-World Impact!. CS 5323. Outline. Anomaly detection. Facts and figures. Application. Challenges. Classification. Anomaly in Wireless.  . 2. Recent News. Hacking of Government Computers Exposed 21.5 Million People.