Toward Sound-Assisted Intrusion Detection Systems

Network intrusion detection has generally been handled with sophisticated software and statistical analysis, although sometimes it has to be done by administrators, either by detecting the intruders in real time or by reviewing network logs, which makes it a tedious and time-consuming task. To support this, intrusion detection analysis has been carried out using visual, auditory or tactile sensory information in computer interfaces. However, little is known about how best to integrate the sensory channels for analyzing intrusion detection alarms. In the past, we proposed a set of ideas outlining the benefits of enhancing intrusion detection alarms with multimodal interfaces. In this paper, we present a simplified sound-assisted attack mitigation system enhanced with auditory channels. Results indicate that the resulting intrusion detection system effectively generates distinctive sounds upon a series of simple attack scenarios consisting of denial-of-service and port scanning.
