91 research outputs found
Improving intrusion detection systems using data mining techniques
Recent surveys and studies have shown that cyber-attacks have caused a lot of damage to organisations, governments, and individuals around the world. Although developments are constantly occurring in the computer security field, cyber-attacks still cause damage as they are developed and evolved by hackers. This research looked at some industrial challenges in the intrusion detection area. The research identified two main challenges: the first is that signature-based intrusion detection systems such as SNORT lack the capability of detecting attacks with new signatures without human intervention. The other challenge is related to multi-stage attack detection, where signature-based detection has been found to be inefficient. The novelty in this research is presented through developing methodologies that tackle the mentioned challenges. The first challenge was handled by developing a multi-layer classification methodology. The first layer is based on a decision tree, while the second layer is a hybrid module that uses two data mining techniques: a neural network and fuzzy logic. The second layer tries to detect new attacks if the first one fails to detect them. This system detects attacks with new signatures and then updates the SNORT signature holder automatically, without any human intervention. The obtained results have shown a high detection rate for attacks with new signatures. However, it has been found that the false positive rate needs to be lowered. The second challenge was approached by evaluating IP information using fuzzy logic. This approach looks at the identity of the participants in the traffic, rather than the sequence and contents of the traffic. The results have shown that this approach can help in predicting attacks at very early stages in some scenarios. However, it has been found that combining this approach with a different approach that looks at the sequence and contents of the traffic, such as event correlation, will achieve better performance than either approach individually.
Cognitive Systems Engineering Models Applied to Cybersecurity
Cybersecurity is an increasing area of concern for organizations and individuals alike. The majority of successfully executed cyberattacks are a result of human error. One common type of attack that targets human users is phishing. In spite of this, there is a lack of research surrounding human implications on phishing behavior. Using an online survey platform with both phishing and legitimate emails, the present research examined the utility of various cognitive engineering models for modeling responses to these example emails. Using Signal Detection Theory (SDT) and Fuzzy Signal Detection Theory (Fuzzy SDT), the influence of familiarity with phishing and of having a background in cybersecurity on phishing behavior was examined. The results from the SDT analysis indicated that familiarity with phishing accounted for only 11% of the variance in sensitivity and 5% in bias. When examining the same relationship using Fuzzy SDT analysis, familiarity with phishing accounted for 6% of the variance in bias. When examining background in cybersecurity using SDT analysis, t-tests indicated that the null hypothesis could be rejected for the relationship of background in cybersecurity with both sensitivity and bias. When examining the same for Fuzzy SDT, the null hypothesis could only be rejected for the relationship between bias and background in cybersecurity. In addition to these findings, the use of a confusion matrix revealed that the percentage of information successfully transmitted from the stimuli to the judgements made by participants was only 26%. Participant identification of phishing cues was also examined. Participants most frequently identified requests for personal information within the emails. Future research should continue to explore predictors of phishing behavior and the application of the different cognitive engineering models to phishing behavior.
- …