Stratosphere project: free software machine learning to protect ng os
2 likes257 views
The Stratosphere Project aims to provide free machine learning tools to protect NGOs from cyber threats by analyzing network behavior rather than focusing solely on attacks. The project offers various detection services, including a cloud-based analysis platform and standalone detectors, while prioritizing privacy and continuous improvement of detection algorithms. Collaborating with multiple organizations, it focuses on enhancing security for NGOs, particularly those vulnerable to political attacks.
Stratosphere project: free software machine learning to protect ng os
- 1. Stratosphere Project: Free Software Machine Learning to protect NGOs Sebastián García PhD. sebastian.garcia@agents.fel.cvut.cz @eldracote Live Slides bit.ly/fsfe2016 1 . 1
- 2. NGOs are at risk 1 . 2
- 3. Highly political targets. Attacked by powerful actors No resources. Not their goal. Strong concerns about their privacy. Concerns about Trust. Problems for NGOs Security 1 . 3
- 5. To put state-of-the-art machine learning techniques in the hands of the civil society. To offer this detection service to NGOs for free. We focus on what the computers are doing, not the attacks they receive. Stratosphere Project 1 . 5
- 6. Stratosphere Principles Less is More Disassociate Verify Analyze the behavior of groups of flows. Representation of behavior from detection. With real and labeled datasets. 1 . 6
- 7. About Behaviors Your behavior is usually the same when connecting with the same service. Group flows going to a specific service by ignoring the source port. We call it a connection. The connection, composed of several flows, now shows a behavior in time. 1 . 7
- 8. The Behavior of a Connection 10.0.2.111-217.23.10.139-80-tcp 55*V0v00v*E*v*v*v*v*E*v 1 flow -> 4 features -> 1 letter + 1 symbol 1 . 8
- 9. Behaviors or Malware Malware mostly generate the same behaviors. Changing the behavior is costly for the attacker. These behaviors do not expire quickly. Malware Open Data https://stratosphereips.org/category/dataset.html 1 . 9
- 10. Machine Learning Detection From the letters create a Markov Chains behavioral model Train Markov Models with known Malware Behaviors. For detection: Compare the unknown traffic of a network to each trained Markov Model. 1 . 10
- 11. Types of Stratosphere Stand alone Detector Cloud service for NGOs (in our University) Stratosphere Testing Framework Stratosphere Linux IPS Stratosphere Windows IPS 1 . 11
- 12. Stratosphere Data Analysis Cloud-based Detection service for NGOs. Add new algorithms continually. Update the models. Verify the detections if necessary. NGOs can send the Flows or only the letters! Privacy matters. 1 . 12
- 13. Organizations working with us People In Need. CZ. Helping 22 countries. Human-rights, war, etc. CZ.NIC. Manager of .cz and Turris Project. 2,000 Internet Networks. ICT help for policy makers in 20 African Countries CTU University. With more than 7,000 hosts. 1 . 13
- 15. In our datasets 96% TPR. Our own botnet traffic connections that are detected. Real Traffic ~0.0002% FPR (30 FP in 132,000 connections/5min) Novel Success cases: Linux Botnet, DDoS, etc. Errors? For sure. Results 1 . 15