Richard Lippmann
MIT Lincoln Laboratory
• Extremely Successful
– Results Focused Research, and Highlighted Current Capabilities and Recent Advances
[Figure: detection rate (%) plotted against FALSE ALARMS (%) on a log scale from 0.001 to 100; two curves labelled KEYWORD BASELINE and BEST COMBINATION]
• More Than Two Orders of Magnitude Reduction in False Alarm Rate With Improved Detection Accuracy, Most Errors are in New Attacks
• Keyword Baseline Performance Similar to That of Commercial and Government Keyword-Based Systems
28 Jan 99 - 3
Best Systems in 1998 Evaluation Didn't Accurately Detect New Attacks
[Figure: bar chart of detection (%) for OLD versus NEW attacks by CATEGORY: PROBE (14,3), DOS (34,9), U2R (27,11), R2L (5,17)]
[Figure: 1999 evaluation test bed diagram. OUTSIDE and INSIDE networks joined through a CISCO ROUTER and GATEWAY hosts; PC workstations, WS workstations and a WEB server; hosts running Linux, SunOS and Solaris on 486, Sparc and Ultra hardware, plus NT. Sniffers collect OUTSIDE SNIFFING DATA and INSIDE SNIFFING DATA; SELECTED FILE DUMPS are taken from victims. Numbered labels on the diagram: 1. NT SYSTEMS, TRAFFIC, ATTACKS; 3. and 4. mark the inside sniffing data and selected file dumps]
28 Jan 99 - 7
Major New Features for 1999
• NT Workstation
– NT Traffic and Attacks
• Insider Attacks
• Selected File System Dumps
– Provide Important Components from File Systems of Five Victims Each Night (Includes NT Audit Logs)
Schedule:
– July 12: PRE-TEST
– August 2: DELIVER 2 WEEKS OF TEST DATA
– September: ANALYZE RETURNED DATA
– October - November: EVALUATION WORKSHOP - PI MEETING
– USER: ideval
– PASSWORD: daRpa98!