Low-level network traffic information (byte counts, port numbers, packet data, etc.) is often beyond the understanding of common system operators. However, anomaly-based Intrusion Detection Systems (IDS) often provide such low-level, difficult-to-comprehend information. This paper details a Human Interface for Security Awareness (HISA) algorithm for interpreting cyber incident information from anomaly-based intrusion detection systems for human operators. A similarity algorithm mapping anomaly results to signature-based intrusion system rules is developed. Categorizations of attacks found in rules created for the Snort intrusion system were used as a basis of information to present to the user. A proof-of-concept system was developed using Perl native functions and custom modules. Testing with generated ICMP packets resulted in an identification accuracy of 60%, proving the efficacy of the presented HISA algorithm.