Stratosphere Project: Free Software Machine Learning to protect NGOs
Sebastián García PhD.
sebastian.garcia@agents.fel.cvut.cz
@eldracote
Live Slides bit.ly/fsfe2016
Problems for NGOs Security
NGOs are at risk:
- Highly political targets.
- Attacked by powerful actors.
- No resources.
- Security is not their goal.
- Strong concerns about their privacy.
- Concerns about trust.
Stratosphere Project
Free Software. Machine Learning. Behavioral IPS. Protecting NGOs.
- To put state-of-the-art machine learning techniques in the hands of civil society.
- To offer this detection service to NGOs for free.
- We focus on what the computers are doing, not the attacks they receive.
Stratosphere Principles
- Less is More: analyze the behavior of groups of flows.
- Disassociate: keep the representation of behavior separate from detection.
- Verify: with real and labeled datasets.
About Behaviors
- Your behavior is usually the same when connecting to the same service.
- Group the flows going to a specific service by ignoring the source port. We call this a connection.
- The connection, composed of several flows, now shows a behavior in time.
The Behavior of a Connection
10.0.2.111-217.23.10.139-80-tcp 55*V0v00v*E*v*v*v*v*E*v
1 flow -> 4 features -> 1 letter + 1 symbol
Behaviors of Malware
- Malware mostly generates the same behaviors.
- Changing the behavior is costly for the attacker.
- These behaviors do not expire quickly.
Malware Open Data
From the letters, create a Markov chain behavioral model.
Machine Learning Detection
- Train Markov models with known malware behaviors.
- For detection: compare the unknown traffic of a network to each trained Markov model.
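As an added example (not the project's own code), a minimal Python version of this pipeline: train a smoothed first-order Markov chain on a known behavior string in the slide's letter-and-symbol format, then score an unknown connection's string against each trained model. The alphabet, the add-one smoothing and the detection threshold are assumptions made for illustration.

```python
import math
from collections import defaultdict

# Assumed alphabet of letters and symbols for behavior strings (an assumption
# of this example; the project's real alphabet may differ).
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,+*"

# Training sequence: the connection behavior shown on the slide, used here
# (constructed usage) as one known malware behavior.
KNOWN_MALWARE_BEHAVIOR = "55*V0v00v*E*v*v*v*v*E*v"

def train_markov(behavior):
    """First-order Markov chain: trans[a][b] = P(next=b | current=a).
    Add-one smoothing (our assumption) keeps unseen transitions non-zero."""
    counts = defaultdict(lambda: defaultdict(int))
    for a, b in zip(behavior, behavior[1:]):
        counts[a][b] += 1
    trans = {}
    for a in ALPHABET:
        total = sum(counts[a].values()) + len(ALPHABET)
        trans[a] = {b: (counts[a][b] + 1) / total for b in ALPHABET}
    return trans

def log_likelihood(behavior, trans):
    """Mean log-probability per transition, so connections of different
    lengths (durations) can be compared on one scale."""
    if any(c not in ALPHABET for c in behavior):
        raise ValueError("behavior contains a character outside ALPHABET")
    if len(behavior) < 2:
        return float("-inf")
    logp = sum(math.log(trans[a][b]) for a, b in zip(behavior, behavior[1:]))
    return logp / (len(behavior) - 1)

def detect(unknown, models, threshold):
    """Compare an unknown connection against every trained model; return the
    best-matching model name if its score clears the threshold, else None."""
    best_name, best_score = None, float("-inf")
    for name, trans in models.items():
        score = log_likelihood(unknown, trans)
        if score > best_score:
            best_name, best_score = name, score
    return best_name if best_score > threshold else None

if __name__ == "__main__":
    models = {"botnet-sample": train_markov(KNOWN_MALWARE_BEHAVIOR)}
    for candidate in ("*v*v*v*v*v", "abcdefghij"):  # periodic vs. never seen
        print(candidate, "->", detect(candidate, models, threshold=-3.0))
```

A real deployment would hold one model per labeled malware behavior and tune the threshold on the labeled datasets mentioned under the Verify principle.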
Types of Stratosphere
- Stratosphere Testing Framework
- Stand-alone detector
- Cloud service for NGOs (in our university)
Stratosphere Data Analysis
- Cloud-based detection service for NGOs.
- Add new algorithms continually.
- Update the models.
- Verify the detections if necessary.
- NGOs can send the flows or only the letters! Privacy matters.
Organizations working with us
- People In Need (CZ). Helping 22 countries. Human rights, war, etc.
- CZ.NIC. Manager of .cz and the Turris Project. 2,000 Internet networks.
- ICT help for policy makers in 20 African countries.
- CTU University. With more than 7,000 hosts.
Thanks!
Sebastian Garcia
sebastian.garcia@agents.fel.cvut.cz
@stratosphereips
https://stratosphereips.org
Results
In our datasets:
- 96% TPR. Our own botnet traffic connections that are detected.
Real traffic:
- ~0.0002% FPR (30 FP in 132,000 connections/5min)
- Novel success cases: Linux botnet, DDoS, etc.
- Errors? For sure.