

Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection


Multimodal Framework for Network Intrusion Analysis
Tanya Capers, Jumoke Ladeji-Osias, Kofi Nyarko, Damian Watkins, and Craig Scott

Abstract:

The increasing accessibility and volumes of on-line transactions and information are a reflection of the growing number and sophistication of computer security incidents on the Internet. While an Intrusion Detection System (IDS) may be one component of a good security model, implementing an IDS on networks and hosts requires a broad understanding of computer security and of the massive amounts of textual data retrieved by the system. Given the sensitivity of the security posture, interpreting this data for rapid response in maintaining operational security is perhaps one of the biggest problems in security operations. As new approaches to intrusion detection systems are introduced, one issue emerges consistently: how can the massive amounts of data captured by the IDS be managed to make better decisions in a timely manner?


Currently, potentially useful information is embedded in mountains of data. This is critical because embedded within the voluminous amounts of output data on a given network are patterns and relationships that often reveal subtle threats to the network. These events may appear as very low-speed attacks and attacks that are distributed among several sources. Decision-makers need to be able to extract key information from the output. This ability will lead to more informed and therefore more effective and efficient decision-making. One research area that is receiving a great deal of interest is multimodal interfacing, which involves a range of other areas such as Human Computer Interaction (HCI), cognitive ergonomics, psychometrics, human factors and usability. Within this community it is being found that effective integration of multiple modalities greatly impacts the usability of the system. So while the idea that visualization is a likely solution to the data management problem has generated considerable discussion and research over recent years, a very limited number of research efforts have utilized multiple modalities for network performance tasks. There are a few bi-modal systems, but research on the application of multimodality to intrusion detection is a fairly new focus.

In this paper we discuss our research, which is focused on improving the speed and ability to assess ongoing attacks. In order to accomplish these goals, we are developing a generalized framework for incorporating core multimodal techniques. Such a framework provides the analyst with a rich palette of integrated tools that could be tailored to suit the user's style and preferred method of exploration. Emphasis is placed on researching human perception (pre-attentive processing), visual (algorithms, techniques, and models) and haptic technologies. Visual models and techniques such as landscape, node/link-map, spring, helical, NetViz proprietary format, and texture will be presented, along with haptic models that use force field and viscosity. Furthermore, by allowing for multiple presentation formats and methods, the system exploits the human perceptual system to detect not only attacks on a system, but also patterns of attacks.
