Title :
Human interface for cyber security anomaly detection systems
Author :
Vollmer, D.T. ; Manic, Milos
Author_Institution :
Idaho Nat. Lab., Idaho Falls, ID
Abstract :
Low-level network traffic information is often times beyond the understanding of common system operators (byte counts, port numbers, packet data, etc.). However, anomaly based Intrusion Detection Systems (IDS) often provide such low-level, difficult to comprehend information. This paper details a Human Interface for Security Awareness (HISA) algorithm for interpreting cyber incident information to human operators from anomaly based intrusion detections systems. A similarity algorithm mapping anomaly results to signature based intrusion system rules is developed. Categorizations of attacks found in rules created for the Snort intrusion system were used as a basis of information to present to the user. A proof of concept system was developed using Perl native functions and custom modules. Testing with generated ICMP packets resulted in an identification accuracy of 60% proving the efficacy of the presented HISA algorithm.
Keywords :
digital signatures; security of data; traffic information systems; user interfaces; cyber security anomaly detection system; digital signature; human interface; intrusion detection system; network traffic information system; security awareness; snort intrusion system; user interface; Communication system control; Communication system security; Computer security; Control systems; Humans; Information security; Information technology; Intrusion detection; Laboratories; Safety; command and control systems; site security monitoring;
Conference_Titel :
Human System Interactions, 2009. HSI '09. 2nd Conference on
Conference_Location :
Catania
Print_ISBN :
978-1-4244-3959-1
Electronic_ISBN :
978-1-4244-3960-7
DOI :
10.1109/HSI.2009.5091055
