SlideShare uma empresa Scribd logo

Enforcing Corporate Security Policies via Computational Intelligence Techniques

Transferir como ODP, PDF
Juan J. Merelo
Juan J. Merelo

Paper presented at the SecDef workshop @GECCO 2014, by Enforcing Corporate Security Policies via Computational Intelligence Techniques Antonio Moral is the main author of the presentation

InternetTecnologiaNegócios
1 de 15
SECDEF Workshop on Genetic and Evolutionary Computation in Defense, Security and Risk Management Antonio Mora, Paloma de las Cuevas, J.J. Merelo Sergio Zamarripa, Anna I. Esparcia @MUSESproject Vancouver (Canada) - 13 July 2014 Enforcing Corporate Security Policies via Computational Intelligence Techniques
Why? - Motivation • Perception of the user as “the enemy” in corporate security. • Users’ perception of security as a annoyance. • Need to engage users in security issues: –in a friendly way, –respecting their privacy and –increasing their trust. • New challenges: multiple devices, mobility, BYOD policies, vanishing borders between personal & work environments… SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 2
What? - Solution ● A corporate security system that is: ✔ device independent, ✔ user-centric, ✔ self-adaptive, ✔ able to analyse risk and trust in real time, ✔ multiplatform and ✔ open source. ● And takes into account the corporate, technical, legal, social and economic contexts. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 3
Architecture Overview SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 4
Architecture Implementation SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 5
Server Side (modules) SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 6
Server Side (submodules) SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 7
Main feature of the system SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 8
Rule refinement example • Application: Corporate application that takes pictures and it uploads them to a server. • Policy: Any employee of the company is allowed to take and upload pictures to corporate servers only using corporate applications. • Long term observation: If the application is used outside of the building, some security risks are observed. → Proposed refined rules would require stronger authentication depending on location, to allow uploading pictures. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 9
Conceptual model SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 10
Step 1: Initial rules and Data Mining • Initial Rules: defined by the Chief Security Officer in the company, according to the Corporate Security Policies. • Data Mining: Performed on the gathered data in the system, stored as events (user behaviour). – Classification → assign classes to new patterns. [GP-based approach] Example: a classifier for ALLOW/DENY accesses to URLs could go beyond Black and White lists (it could consider additional variables in addition to the URL). – Clustering → group similar patterns. Example: outliers could be considered as anomalous or suspicious patterns. – Feature Selection → remove less significant variables. – Data Visualization → show data information for a controller (CSO). SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 11
Step 2: Rule Refinement and Adjustment • Refinement: The set of security rules will be improved in order to better deal with the detected anomalous patterns or situations (in the Data Mining step). – Adapt existing rules adjust them to improve the pattern covering (Genetic Programming trying different antecedents and/or consequents). – Infer/create new rules for dealing with new detected situations (Genetic Programming combining sets of terms and values in order to compose new conditions and actions, i.e. new security rules). • Adjustment: The rules could be fine-tuned by means of Evolutionary Algorithms that could try different values for the variables (in the conditions/antecedents) of the final set of rules. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 12
Step 3: Evaluation • Manual: The refined (modified or inferred) set of rules will be stored in the system as DRAFT rules. Then, a human controller (normally the CSO) will check and, eventually, approve them to be FINAL. • Automatic: The system will be able to automatically evaluate every potential rule (it is mandatory during the evolutionary process). To do it, a LOG of the whole decision process of the system will be stored. Lately, every potential rule will be evaluated by 'simulating' past security incidents, and considering how the system would have worked if the rule being evaluated would have been included in the loop. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 13
How are we doing now? • Sources released in GitHub https://github.com/MusesProject/ • Beta available https://github.com/MusesProject/MusesClient/releases and for the common infraestructure https://github.com/MusesProject/Muses/releases • Still 1 year to go in the project. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 14
THANK YOU SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 15 https://www.musesproject.eu/

Recomendados

Network security and policies
Network security and policiesNetwork security and policies
Network security and policies
wardjo
 
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSRISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
Christina33713
 
Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813
Kinetic Potential
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
Donald E. Hester
 
Nist
NistNist
Nist
penetration Tester
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
NIST CSF Overview
NIST CSF OverviewNIST CSF Overview
NIST CSF Overview
Priyanka Aash
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 

Recomendados

Network security and policies
Network security and policiesNetwork security and policies
Network security and policies
wardjo
 
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKSRISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
RISK MANAGEMENT: 4 ESSENTIAL FRAMEWORKS
Christina33713
 
Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813Nist 800 53 deep dive 20210813
Nist 800 53 deep dive 20210813
Kinetic Potential
 
Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)Introduction to NIST’s Risk Management Framework (RMF)
Introduction to NIST’s Risk Management Framework (RMF)
Donald E. Hester
 
Nist
NistNist
Nist
penetration Tester
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
NIST CSF Overview
NIST CSF OverviewNIST CSF Overview
NIST CSF Overview
Priyanka Aash
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
newbie2019
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
Divya Tiwari
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
Zefren Edior
 
Security policy
Security policySecurity policy
Security policy
Dhani Ahmad
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap
Anshu Gupta
 
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdfControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
sulu98
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
phanleson
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
codka
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
phanleson
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Security Policies
Security PoliciesSecurity Policies
Security Policies
phanleson
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
ControlCase
 
Security
SecuritySecurity
Security
a1aass
 
ISO/IEC 27034 Application Security – How to trust, without paying too much!
ISO/IEC 27034 Application Security – How to trust, without paying too much!ISO/IEC 27034 Application Security – How to trust, without paying too much!
ISO/IEC 27034 Application Security – How to trust, without paying too much!
PECB
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
newbie2019
 
Lesson 2 - System Specific Policy
Lesson 2 - System Specific PolicyLesson 2 - System Specific Policy
Lesson 2 - System Specific Policy
MLG College of Learning, Inc
 
I.T. Geeks Can't Talk to Management
I.T. Geeks Can't Talk to ManagementI.T. Geeks Can't Talk to Management
I.T. Geeks Can't Talk to Management
Tripwire
 
Comp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementationComp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementation
ShivamSharma909
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident response
ShivamSharma909
 
Habanagate
HabanagateHabanagate
Habanagate
Enrique Posada
 
Alfabeto Visual_Introdução ap Alfabeto Visual
Alfabeto Visual_Introdução ap Alfabeto VisualAlfabeto Visual_Introdução ap Alfabeto Visual
Alfabeto Visual_Introdução ap Alfabeto Visual
Sancho Ferreira
 

Mais conteúdo relacionado

Mais procurados

Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
phanleson
 
Security Policies
Security PoliciesSecurity Policies
Security Policies
phanleson
 
ISO/IEC 27034 Application Security – How to trust, without paying too much!
ISO/IEC 27034 Application Security – How to trust, without paying too much!ISO/IEC 27034 Application Security – How to trust, without paying too much!
ISO/IEC 27034 Application Security – How to trust, without paying too much!
PECB
 
I.T. Geeks Can't Talk to Management
I.T. Geeks Can't Talk to ManagementI.T. Geeks Can't Talk to Management
I.T. Geeks Can't Talk to Management
Tripwire
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident response
ShivamSharma909
 

Mais procurados (20)

Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
 
Security policy
Security policySecurity policy
Security policy
 
Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap Security and Compliance Initial Roadmap
Security and Compliance Initial Roadmap
 
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdfControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
ControlsforProtectingCriticalInformationInfrastructurefromCyberattacks (1).pdf
 
Ch09 Information Security Best Practices
Ch09 Information Security Best PracticesCh09 Information Security Best Practices
Ch09 Information Security Best Practices
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
 
Security Policies
Security PoliciesSecurity Policies
Security Policies
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
Security
SecuritySecurity
Security
 
ISO/IEC 27034 Application Security – How to trust, without paying too much!
ISO/IEC 27034 Application Security – How to trust, without paying too much!ISO/IEC 27034 Application Security – How to trust, without paying too much!
ISO/IEC 27034 Application Security – How to trust, without paying too much!
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Lesson 2 - System Specific Policy
Lesson 2 - System Specific PolicyLesson 2 - System Specific Policy
Lesson 2 - System Specific Policy
 
I.T. Geeks Can't Talk to Management
I.T. Geeks Can't Talk to ManagementI.T. Geeks Can't Talk to Management
I.T. Geeks Can't Talk to Management
 
Comp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementationComp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementation
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident response
 

Destaque

Proyecto final de auditoría
Proyecto final de auditoríaProyecto final de auditoría
Proyecto final de auditoría
Juan Jose Flores
 
Tecnologia De Alimentos 000
Tecnologia De Alimentos 000Tecnologia De Alimentos 000
Tecnologia De Alimentos 000
educacao f
 
Ajax设计技术
Ajax设计技术Ajax设计技术
Ajax设计技术
yiditushe
 

Destaque (20)

Habanagate
HabanagateHabanagate
Habanagate
 
Alfabeto Visual_Introdução ap Alfabeto Visual
Alfabeto Visual_Introdução ap Alfabeto VisualAlfabeto Visual_Introdução ap Alfabeto Visual
Alfabeto Visual_Introdução ap Alfabeto Visual
 
Proyecto final de auditoría
Proyecto final de auditoríaProyecto final de auditoría
Proyecto final de auditoría
 
Programa de trazabilidad 583802
Programa de trazabilidad 583802Programa de trazabilidad 583802
Programa de trazabilidad 583802
 
IB Chemistry on Ionization energy and electron configuration
IB Chemistry on Ionization energy and electron configurationIB Chemistry on Ionization energy and electron configuration
IB Chemistry on Ionization energy and electron configuration
 
Pirámides de población de España
Pirámides de población de EspañaPirámides de población de España
Pirámides de población de España
 
Tecnologia De Alimentos 000
Tecnologia De Alimentos 000Tecnologia De Alimentos 000
Tecnologia De Alimentos 000
 
Recomendaciones ERC 2015. Resumen ejecutivo
Recomendaciones ERC 2015. Resumen ejecutivoRecomendaciones ERC 2015. Resumen ejecutivo
Recomendaciones ERC 2015. Resumen ejecutivo
 
Administracion de un centro de computo
Administracion de un centro de computoAdministracion de un centro de computo
Administracion de un centro de computo
 
Oil & Gas Magazine Septiembre 2016
Oil & Gas Magazine Septiembre 2016Oil & Gas Magazine Septiembre 2016
Oil & Gas Magazine Septiembre 2016
 
Historia de la economía, doctrina economica, escuelas economicas
Historia de la economía, doctrina economica, escuelas economicasHistoria de la economía, doctrina economica, escuelas economicas
Historia de la economía, doctrina economica, escuelas economicas
 
Ajax设计技术
Ajax设计技术Ajax设计技术
Ajax设计技术
 
TRANSMISION DE DATOS Resumen UNIDAD I UFT OPM 1.A
TRANSMISION DE DATOS Resumen UNIDAD I UFT OPM 1.ATRANSMISION DE DATOS Resumen UNIDAD I UFT OPM 1.A
TRANSMISION DE DATOS Resumen UNIDAD I UFT OPM 1.A
 
Mobile marketing mexico
Mobile marketing mexicoMobile marketing mexico
Mobile marketing mexico
 
Proyecto Final Formulacion De Proyectos
Proyecto Final Formulacion De ProyectosProyecto Final Formulacion De Proyectos
Proyecto Final Formulacion De Proyectos
 
Los derechos humanos
Los derechos humanosLos derechos humanos
Los derechos humanos
 
PEREZ PAIZ, MARTINEZ RUANO
PEREZ PAIZ, MARTINEZ RUANOPEREZ PAIZ, MARTINEZ RUANO
PEREZ PAIZ, MARTINEZ RUANO
 
Importancia de la medición de la enfermedad
Importancia de la medición de la enfermedadImportancia de la medición de la enfermedad
Importancia de la medición de la enfermedad
 
Como afecta el alcohol en la salud mental y en los adolescentes
Como afecta el alcohol en la salud mental y en los adolescentesComo afecta el alcohol en la salud mental y en los adolescentes
Como afecta el alcohol en la salud mental y en los adolescentes
 
ABC del Ecommerce
ABC del EcommerceABC del Ecommerce
ABC del Ecommerce
 

Semelhante a Enforcing Corporate Security Policies via Computational Intelligence Techniques

Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docx
jenkinsmandie
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
oswald1horne84988
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
Malachi Jones
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Alan Yau Ti Dun
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docx
dewhirstichabod
 

Semelhante a Enforcing Corporate Security Policies via Computational Intelligence Techniques (20)

Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docx
 
Cybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best PracticesCybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best Practices
 
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
· THE INDUSTRY AND THE COMPANY AND ITS PRODUCT(S) OR SERVICE(S)A.docx
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
 
cyber security ppt.pptx
cyber security ppt.pptxcyber security ppt.pptx
cyber security ppt.pptx
 
02. ISM - Cyber Security Principles (March 2023).pdf
02. ISM - Cyber Security Principles (March 2023).pdf02. ISM - Cyber Security Principles (March 2023).pdf
02. ISM - Cyber Security Principles (March 2023).pdf
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
File000169
File000169File000169
File000169
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resources
 
Solution managment and monitoring services.docx
Solution managment and monitoring services.docxSolution managment and monitoring services.docx
Solution managment and monitoring services.docx
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
 
Mobile First, Security First!
Mobile First, Security First!Mobile First, Security First!
Mobile First, Security First!
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docx
 

Mais de Juan J. Merelo

Redes sociales-en-un-rato-piiisa
Redes sociales-en-un-rato-piiisaRedes sociales-en-un-rato-piiisa
Redes sociales-en-un-rato-piiisa
Juan J. Merelo
 

Mais de Juan J. Merelo (20)

Acta de defunción de juan monserrat vergés
Acta de defunción de juan monserrat vergésActa de defunción de juan monserrat vergés
Acta de defunción de juan monserrat vergés
 
Ciencia y videojuegos v4
Ciencia y videojuegos v4Ciencia y videojuegos v4
Ciencia y videojuegos v4
 
Como triunfar con tu proyecto en un hackatón
Como triunfar con tu proyecto en un hackatónComo triunfar con tu proyecto en un hackatón
Como triunfar con tu proyecto en un hackatón
 
Benchmarking languages for evolutionary computation
Benchmarking languages for evolutionary computationBenchmarking languages for evolutionary computation
Benchmarking languages for evolutionary computation
 
Benchmarking languages for evolutionary algorithms
Benchmarking languages for evolutionary algorithmsBenchmarking languages for evolutionary algorithms
Benchmarking languages for evolutionary algorithms
 
8º hackatón de proyectos libres de la UGR: Ayuda para los participantes
8º hackatón de proyectos libres de la UGR: Ayuda para los participantes8º hackatón de proyectos libres de la UGR: Ayuda para los participantes
8º hackatón de proyectos libres de la UGR: Ayuda para los participantes
 
Creación de panorámicas con Hugin
Creación de panorámicas con HuginCreación de panorámicas con Hugin
Creación de panorámicas con Hugin
 
Introducción a HDR y Tonemapping con Luminance
Introducción a HDR y Tonemapping con LuminanceIntroducción a HDR y Tonemapping con Luminance
Introducción a HDR y Tonemapping con Luminance
 
Introducción al 7º hackathon UGR
Introducción al 7º hackathon UGRIntroducción al 7º hackathon UGR
Introducción al 7º hackathon UGR
 
Nuevas tecnologías, Modas y docencia en el siglo XXI
Nuevas tecnologías, Modas y docencia en el siglo XXINuevas tecnologías, Modas y docencia en el siglo XXI
Nuevas tecnologías, Modas y docencia en el siglo XXI
 
Open Access and Copyleft
Open Access and CopyleftOpen Access and Copyleft
Open Access and Copyleft
 
Luminance 2014 presentaciión sobre luminance
Luminance 2014 presentaciión sobre luminanceLuminance 2014 presentaciión sobre luminance
Luminance 2014 presentaciión sobre luminance
 
Evostar 2014 Introduction to the conference
Evostar 2014 Introduction to the conferenceEvostar 2014 Introduction to the conference
Evostar 2014 Introduction to the conference
 
Presentación Open Data Day en Granada, 2014
Presentación Open Data Day en Granada, 2014Presentación Open Data Day en Granada, 2014
Presentación Open Data Day en Granada, 2014
 
Introducción al uso de git, el sistema de control de fuentes más molón.
Introducción al uso de git, el sistema de control de fuentes más molón. Introducción al uso de git, el sistema de control de fuentes más molón.
Introducción al uso de git, el sistema de control de fuentes más molón.
 
Redes sociales-en-un-rato-piiisa
Redes sociales-en-un-rato-piiisaRedes sociales-en-un-rato-piiisa
Redes sociales-en-un-rato-piiisa
 
¿Necesitas a la oficina de software libre de la Universidad de Granada?
¿Necesitas a la oficina de software libre de la Universidad de Granada?¿Necesitas a la oficina de software libre de la Universidad de Granada?
¿Necesitas a la oficina de software libre de la Universidad de Granada?
 
Presentación 8º CUSL/6º CUSL granadino
Presentación 8º CUSL/6º CUSL granadinoPresentación 8º CUSL/6º CUSL granadino
Presentación 8º CUSL/6º CUSL granadino
 
El software libre contado a los universitarios
El software libre contado a los universitariosEl software libre contado a los universitarios
El software libre contado a los universitarios
 
Human or machine
Human or machineHuman or machine
Human or machine
 

Último

Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
SUHANI PANDEY
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
imonikaupta
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
nirzagarg
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
nirzagarg
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
ruhi
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
SUHANI PANDEY
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
tanu pandey
 

Último (20)

Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
Thalassery Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call G...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 

Enforcing Corporate Security Policies via Computational Intelligence Techniques

  • 1. SECDEF Workshop on Genetic and Evolutionary Computation in Defense, Security and Risk Management Antonio Mora, Paloma de las Cuevas, J.J. Merelo Sergio Zamarripa, Anna I. Esparcia @MUSESproject Vancouver (Canada) - 13 July 2014 Enforcing Corporate Security Policies via Computational Intelligence Techniques
  • 2. Why? - Motivation • Perception of the user as “the enemy” in corporate security. • Users’ perception of security as a annoyance. • Need to engage users in security issues: –in a friendly way, –respecting their privacy and –increasing their trust. • New challenges: multiple devices, mobility, BYOD policies, vanishing borders between personal & work environments… SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 2
  • 3. What? - Solution ● A corporate security system that is: ✔ device independent, ✔ user-centric, ✔ self-adaptive, ✔ able to analyse risk and trust in real time, ✔ multiplatform and ✔ open source. ● And takes into account the corporate, technical, legal, social and economic contexts. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 3
  • 4. Architecture Overview SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 4
  • 5. Architecture Implementation SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 5
  • 6. Server Side (modules) SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 6
  • 7. Server Side (submodules) SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 7
  • 8. Main feature of the system SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 8
  • 9. Rule refinement example • Application: Corporate application that takes pictures and it uploads them to a server. • Policy: Any employee of the company is allowed to take and upload pictures to corporate servers only using corporate applications. • Long term observation: If the application is used outside of the building, some security risks are observed. → Proposed refined rules would require stronger authentication depending on location, to allow uploading pictures. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 9
  • 10. Conceptual model SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 10
  • 11. Step 1: Initial rules and Data Mining • Initial Rules: defined by the Chief Security Officer in the company, according to the Corporate Security Policies. • Data Mining: Performed on the gathered data in the system, stored as events (user behaviour). – Classification → assign classes to new patterns. [GP-based approach] Example: a classifier for ALLOW/DENY accesses to URLs could go beyond Black and White lists (it could consider additional variables in addition to the URL). – Clustering → group similar patterns. Example: outliers could be considered as anomalous or suspicious patterns. – Feature Selection → remove less significant variables. – Data Visualization → show data information for a controller (CSO). SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 11
  • 12. Step 2: Rule Refinement and Adjustment • Refinement: The set of security rules will be improved in order to better deal with the detected anomalous patterns or situations (in the Data Mining step). – Adapt existing rules adjust them to improve the pattern covering (Genetic Programming trying different antecedents and/or consequents). – Infer/create new rules for dealing with new detected situations (Genetic Programming combining sets of terms and values in order to compose new conditions and actions, i.e. new security rules). • Adjustment: The rules could be fine-tuned by means of Evolutionary Algorithms that could try different values for the variables (in the conditions/antecedents) of the final set of rules. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 12
  • 13. Step 3: Evaluation • Manual: The refined (modified or inferred) set of rules will be stored in the system as DRAFT rules. Then, a human controller (normally the CSO) will check and, eventually, approve them to be FINAL. • Automatic: The system will be able to automatically evaluate every potential rule (it is mandatory during the evolutionary process). To do it, a LOG of the whole decision process of the system will be stored. Lately, every potential rule will be evaluated by 'simulating' past security incidents, and considering how the system would have worked if the rule being evaluated would have been included in the loop. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 13
  • 14. How are we doing now? • Sources released in GitHub https://github.com/MusesProject/ • Beta available https://github.com/MusesProject/MusesClient/releases and for the common infraestructure https://github.com/MusesProject/Muses/releases • Still 1 year to go in the project. SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 14
  • 15. THANK YOU SECDEF 2014 – Enhancing Corporate Security Policies via CI Techniques 15 https://www.musesproject.eu/