Toward Sound-Assisted Intrusion Detection Systems

@inproceedings{Qi2007TowardSI,
  title={Toward Sound-Assisted Intrusion Detection Systems},
  author={Lei Qi and Miguel Vargas Martin and Bill Kapralos and Mark Green and Miguel Angel Garcia-Ruiz},
  booktitle={OTM Conferences},
  year={2007}
}
Network intrusion detection has been generally dealt with using sophisticated software and statistical analysis, although sometimes it has to be done by administrators, either by detecting the intruders in real time or by revising network logs, making this a tedious and timeconsuming task. To support this, intrusion detection analysis has been carried out using visual, auditory or tactile sensory information in computer interfaces. However, little is known about how to best integrate the… 

Evaluating a sound-enhanced intrusion detection system to identify network congestion

This work presents an approach whereby sonification, that is the use of sound to convey non-sound information at the computer interface, is employed to map the data within a network log into meaningful sound and thus allow for a simple and intuitive sound-based network intrusion detection system.

Poster : Towards Music-Assisted Intrusion Detection

The usability of sound in complementing automatic response systems and directions towards the design of a more advanced sonification system that will modify well-known melodies or songs to convey useful information to users in real time are given.

Auditory Display as a Tool for Teaching Network Intrusion Detection

This paper describes an ongoing research concerned with designing and applying sounds that represent meaningful information in interfaces (sonification) to support teaching of NID.

A Framework for Intrusion Detection Targeted at Non-Expert Users

This paper presents a framework for intrusion detection specifically designed to be used by any category of users, using visual interfaces for simplifying the user interaction with the framework, allowing him/her to properly configure and run an Intrusion Detection System (IDS).

Server sounds and network noises

An overview of the current state of research regarding auditory-based and multimodal tools in computer security, including several sonification-based tools in a mature state, is provided.

Reflecting on the Use of Sonification for Network Monitoring

This paper describes and reflects critically on the shortcomings of traditional network-monitoring methods and identifies the key role that sonification, if implemented correctly, could play in improving current monitoring capabilities.

A Formalised Approach to Designing Sonification Systems for Network−Security Monitoring

The key role that sonification, if implemented correctly, could play in addressing shortcomings of traditional network-monitoring methods is identified and a formalised model for designing sonifications for network-security monitoring is presented.

Data presentation in security operations centres: exploring the potential for sonification to enhance existing practice

Insight is provided into the potential benefits and challenges of introducing sonification to support work in this vital security-monitoring environment and evidence of the visual data-presentation techniques currently used is identified.

Warning users about cyber threats through sounds

“CyberWarner” is introduced, a sonification sandbox that can be installed on the Google Chrome browser to enable auditory representations of certain security threats and cues that are designed based on several URL heuristics that are feasible to develop sonified cyber security threat indicators that users intuitively understand with minimal experience and training.

References

SHOWING 1-10 OF 39 REFERENCES

Towards a Multimodal Human-Computer Interface to Analyze Intrusion Detection in Computer Networks

This work proposes a multimodal human-computer interface to analyze malicious attacks during forensic examination of network logs and plans to apply this system to a server with biomolecular information working as a test bed.

Feature selection for intrusion detection: an evolutionary wrapper approach

  • A. HofmannT. HoreisB. Sick
  • Computer Science
    2004 IEEE International Joint Conference on Neural Networks (IEEE Cat. No.04CH37541)
  • 2004
An evolutionary algorithm (EA) is set out that performs the tasks of feature selection and architecture optimization for radial basis function (RBF) networks automatically and it is possible to reduce the number of input features significantly, which is very important due to the fact that the neural networks can effectively be prevented from overfitting.

Anomalous Payload-Based Network Intrusion Detection

A payload-based anomaly detector, called PAYL, for intrusion detection that demonstrates the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset the authors collected on the Columbia CS department network.

A monitoring system for detecting repeated packets with applications to computer worms

A monitoring system which detects repeated packets in network traffic, and has applications including detecting computer worms, which uses Bloom filters with counters and simulations confirm that this approach can detect worms at early stages of propagation.

Scalable visualization of propagating internet phenomena

This work introduces visual, scalable techniques to detect phenomena such as distributed denial-of-service attacks and worms and hopes that these new approaches will enable detection of such events at an early stage and enable local response actions even before the publication of advisories about a new vulnerability and the availability of patches.

Autograph: Toward Automated, Distributed Worm Signature Detection

Autograph is described, a system that automatically generates signatures for novel Internet worms that propagate using TCP transport that is designed to produce signatures that exhibit high sensitivity (high true positives) and high specificity (low false positives).

Fast portscan detection using sequential hypothesis testing

TRW (Threshold Random Walk), an online detection algorithm that identifies malicious remote hosts requires a much smaller number of connection attempts compared to previous schemes, while also providing theoretical bounds on the low probabilities of missed detection and false alarms.

A novel visualization technique for network anomaly detection

Experiments show the visualization technique to be a good medium when trying to identify possible anomalies of the network such as:DoS types of attacks as well as probing attacks (e.g.,Portsweepand IPsweep).

Security Monitoring, Visualization, and System Survivability: A Position Paper for ISW-2001

A significant impediment to the development of large-scale survivable systems is the inability to accurately monitor these systems in real-time, so that an administrator can recognize attacks as they occur and take action to defend against them.

The EarlyBird System for Real-time Detection of Unknown Worms

An automated method for detecting new worms based on traffic characteristics common to most of them: highly repetitive packet content, an increasing population of sources generating infections and an increasing number of destinations being targeted.