DocumentCode
2181943
Title
Human interface for cyber security anomaly detection systems
Author
Vollmer, D.T. ; Manic, Milos
Author_Institution
Idaho Nat. Lab., Idaho Falls, ID
fYear
2009
fDate
21-23 May 2009
Firstpage
654
Lastpage
659
Abstract
Low-level network traffic information is often times beyond the understanding of common system operators (byte counts, port numbers, packet data, etc.). However, anomaly based Intrusion Detection Systems (IDS) often provide such low-level, difficult to comprehend information. This paper details a Human Interface for Security Awareness (HISA) algorithm for interpreting cyber incident information to human operators from anomaly based intrusion detections systems. A similarity algorithm mapping anomaly results to signature based intrusion system rules is developed. Categorizations of attacks found in rules created for the Snort intrusion system were used as a basis of information to present to the user. A proof of concept system was developed using Perl native functions and custom modules. Testing with generated ICMP packets resulted in an identification accuracy of 60% proving the efficacy of the presented HISA algorithm.
Keywords
digital signatures; security of data; traffic information systems; user interfaces; cyber security anomaly detection system; digital signature; human interface; intrusion detection system; network traffic information system; security awareness; snort intrusion system; user interface; Communication system control; Communication system security; Computer security; Control systems; Humans; Information security; Information technology; Intrusion detection; Laboratories; Safety; command and control systems; site security monitoring;
fLanguage
English
Publisher
ieee
Conference_Titel
Human System Interactions, 2009. HSI '09. 2nd Conference on
Conference_Location
Catania
Print_ISBN
978-1-4244-3959-1
Electronic_ISBN
978-1-4244-3960-7
Type
conf
DOI
10.1109/HSI.2009.5091055
Filename
5091055
Link To Document