By Topic

Human interface for cyber security anomaly detection systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Denis Todd Vollmer ; Idaho National Laboratory, USA ; Milos Manic

Low-level network traffic information is often times beyond the understanding of common system operators (byte counts, port numbers, packet data, etc.). However, anomaly based Intrusion Detection Systems (IDS) often provide such low-level, difficult to comprehend information. This paper details a Human Interface for Security Awareness (HISA) algorithm for interpreting cyber incident information to human operators from anomaly based intrusion detections systems. A similarity algorithm mapping anomaly results to signature based intrusion system rules is developed. Categorizations of attacks found in rules created for the Snort intrusion system were used as a basis of information to present to the user. A proof of concept system was developed using Perl native functions and custom modules. Testing with generated ICMP packets resulted in an identification accuracy of 60% proving the efficacy of the presented HISA algorithm.

Published in:

2009 2nd Conference on Human System Interactions

Date of Conference:

21-23 May 2009