1,132 research outputs found
Sonification of Network Traffic Flow for Monitoring and Situational Awareness
Maintaining situational awareness of what is happening within a network is
challenging, not least because the behaviour happens within computers and
communications networks, but also because data traffic speeds and volumes are
beyond human ability to process. Visualisation is widely used to present
information about the dynamics of network traffic dynamics. Although it
provides operators with an overall view and specific information about
particular traffic or attacks on the network, it often fails to represent the
events in an understandable way. Visualisations require visual attention and so
are not well suited to continuous monitoring scenarios in which network
administrators must carry out other tasks. Situational awareness is critical
and essential for decision-making in the domain of computer network monitoring
where it is vital to be able to identify and recognize network environment
behaviours.Here we present SoNSTAR (Sonification of Networks for SiTuational
AwaReness), a real-time sonification system to be used in the monitoring of
computer networks to support the situational awareness of network
administrators. SoNSTAR provides an auditory representation of all the TCP/IP
protocol traffic within a network based on the different traffic flows between
between network hosts. SoNSTAR raises situational awareness levels for computer
network defence by allowing operators to achieve better understanding and
performance while imposing less workload compared to visual techniques. SoNSTAR
identifies the features of network traffic flows by inspecting the status flags
of TCP/IP packet headers and mapping traffic events to recorded sounds to
generate a soundscape representing the real-time status of the network traffic
environment. Listening to the soundscape allows the administrator to recognise
anomalous behaviour quickly and without having to continuously watch a computer
screen.Comment: 17 pages, 7 figures plus supplemental material in Github repositor
Development of Threat Evaluation Tool for Distributed Network Environment
Current information protection systems only detect and warn against individual intrusion, and are not able to provide a collective and synthesized alert message. In this paper, we propose a new Meta-IDS system which is called ``SIA System''. The SIA system can filter redundant alert messages, analyze mixed attacks using correlation alert messages from each sensor and respond to security threats quickly, after classifying them into one of four different statuses. Then we implement the SIA system and test the efficiency of it in the managed networks. Thus we confirm that the SIA system enables security managers to deal with security threats efficiently
Low-Dimensional Topology of Information Fusion
We provide an axiomatic characterization of information fusion, on the basis
of which we define an information fusion network. Our construction is
reminiscent of tangle diagrams in low dimensional topology. Information fusion
networks come equipped with a natural notion of equivalence. Equivalent
networks `contain the same information', but differ locally. When fusing
streams of information, an information fusion network may adaptively optimize
itself inside its equivalence class. This provides a fault tolerance mechanism
for such networks.Comment: 8 pages. Conference proceedings version. Will be superceded by a
journal versio
A review on intelligent monitoring and activity interpretation
This survey paper provides a tour of the various monitoring and activity interpretation frameworks found in the literature. The needs of monitoring and interpretation systems are presented in relation to the area where they have been developed or applied. Their evolution is studied to better understand the characteristics of current systems. After this, the main features of monitoring and activity interpretation systems are defined.Este trabajo presenta una revisión de los marcos de trabajo para monitorización e interpretación de actividades presentes en la literatura. Dependiendo del área donde dichos marcos se han desarrollado o aplicado, se han identificado diferentes necesidades. Además, para comprender mejor las particularidades de los marcos de trabajo, esta revisión realiza un recorrido por su evolución histórica. Posteriormente, se definirían las principales características de los sistemas de monitorización e interpretación de actividades.This work was partially supported by Spanish Ministerio de Economía y Competitividad / FEDER under DPI2016-80894-R grant
Multi-Source Data Fusion for Cyberattack Detection in Power Systems
Cyberattacks can cause a severe impact on power systems unless detected
early. However, accurate and timely detection in critical infrastructure
systems presents challenges, e.g., due to zero-day vulnerability exploitations
and the cyber-physical nature of the system coupled with the need for high
reliability and resilience of the physical system. Conventional rule-based and
anomaly-based intrusion detection system (IDS) tools are insufficient for
detecting zero-day cyber intrusions in the industrial control system (ICS)
networks. Hence, in this work, we show that fusing information from multiple
data sources can help identify cyber-induced incidents and reduce false
positives. Specifically, we present how to recognize and address the barriers
that can prevent the accurate use of multiple data sources for fusion-based
detection. We perform multi-source data fusion for training IDS in a
cyber-physical power system testbed where we collect cyber and physical side
data from multiple sensors emulating real-world data sources that would be
found in a utility and synthesizes these into features for algorithms to detect
intrusions. Results are presented using the proposed data fusion application to
infer False Data and Command injection-based Man-in- The-Middle (MiTM) attacks.
Post collection, the data fusion application uses time-synchronized merge and
extracts features followed by pre-processing such as imputation and encoding
before training supervised, semi-supervised, and unsupervised learning models
to evaluate the performance of the IDS. A major finding is the improvement of
detection accuracy by fusion of features from cyber, security, and physical
domains. Additionally, we observed the co-training technique performs at par
with supervised learning methods when fed with our features
Evidence Fusion using D-S Theory: utilizing a progressively evolving reliability factor in wireless networks
The Dempster-Shafer (D-S) theory provides a method to combine evidence from multiple nodes to estimate the likelihood of an intrusion. The theory\u27s rule of combination gives a numerical method to fuse multiple pieces of information to derive a conclusion. But, D-S theory has its shortcomings when used in situations where evidence has significant conflict. Though the observers may have different values of uncertainty in the observed data, D-S theory considers the observers to be equally trustworthy. This thesis introduces a new method of combination based on D-S theory and Consensus method, that takes into consideration the reliability of evidence used in data fusion. The new method\u27s results have been compared against three other methods of evidence fusion to objectively analyze how they perform under Denial of Service attacks and Xmas tree scan attacks
K-coverage in regular deterministic sensor deployments
An area is k-covered if every point of the area is covered by at least k sensors. K-coverage is necessary for many applications, such as intrusion detection, data gathering, and object tracking. It is also desirable in situations where a stronger environmental monitoring capability is desired, such as military applications. In this paper, we study the problem of k-coverage in deterministic homogeneous deployments of sensors. We examine the three regular sensor deployments - triangular, square and hexagonal deployments - for k-coverage of the deployment area, for k ≥ 1. We compare the three regular deployments in terms of sensor density. For each deployment, we compute an upper bound and a lower bound on the optimal distance of sensors from each other that ensure k-coverage of the area. We present the results for each k from 1 to 20 and show that the required number of sensors to k-cover the area using uniform random deployment is approximately 3-10 times higher than regular deployments
- …