23 research outputs found

    RT-MOVICAB-IDS: Addressing real-time intrusion detection

    This study presents a novel Hybrid Intelligent Intrusion Detection System (IDS) known as RT-MOVICAB-IDS that incorporates temporal control. One of its main goals is to facilitate real-time intrusion detection, as accurate and swift responses are crucial in this field, especially if automatic abort mechanisms are running. The formulation of this hybrid IDS combines Artificial Neural Networks (ANN) and Case-Based Reasoning (CBR) within a Multi-Agent System (MAS) to detect intrusions in dynamic computer networks. Temporal restrictions are imposed on this IDS in order to perform real/execution-time processing and to assure the predictability of the system's response. Therefore, a dynamic real-time multi-agent architecture for IDS is proposed in this study, allowing the addition of predictable agents (both reactive and deliberative). In particular, two of the deliberative agents deployed in this system incorporate temporal-bounded CBR. This upgraded CBR is based on an anytime approximation, which allows the adaptation of this Artificial Intelligence paradigm to real-time requirements. Experimental results using real data sets are presented which validate the performance of this novel hybrid IDS.
    Funding: Ministerio de Economía y Competitividad (TIN2010-21272-C02-01, TIN2009-13839-C03-01), Ministerio de Ciencia e Innovación (CIT-020000-2008-2, CIT-020000-2009-12).

    Neural visualization of network traffic data for intrusion detection

    This study introduces and describes a novel intrusion detection system (IDS) called MOVCIDS (mobile visualization connectionist IDS). This system applies neural projection architectures to detect anomalous situations taking place in a computer network. Through its advanced visualization facilities, the proposed IDS provides an overview of the network traffic and identifies anomalous situations faced by computer networks, responding to the challenges presented by the volume, dynamics and diversity of the traffic, including novel (0-day) attacks. MOVCIDS provides a novel point of view in the field of IDSs by enabling the most interesting projections (based on fourth-order statistics; the kurtosis index) of a massive traffic dataset to be extracted. These projections are then depicted through a functional and mobile visualization interface, providing visual information about the internal structure of the traffic data. The interface makes MOVCIDS accessible from any mobile device, giving network administrators more accessibility and enabling continuous visualization, monitoring and supervision of computer networks. Additionally, a novel testing technique has been developed to evaluate MOVCIDS and other IDSs employing numerical datasets. To show the performance of and validate the proposed IDS, it has been tested in different real domains containing several attacks and anomalous situations. In addition, the importance of the temporal dimension in intrusion detection, and the ability of this IDS to process it, are emphasized in this work.
    Funding: Junta de Castilla y León project BU006A08, Business intelligence for production within the framework of the Instituto Tecnológico de Castilla y León (ITCL) and the Agencia de Desarrollo Empresarial (ADE), and the Spanish Ministry of Education and Innovation project CIT-020000-2008-2. The authors would also like to thank the vehicle interior manufacturer, Grupo Antolin Ingenieria S.A., within the framework of the project MAGNO2008-1028-CENIT funded by the Spanish Government.

    A Survey, Taxonomy, and Analysis of Network Security Visualization Techniques

    Network security visualization is a relatively new field and is quickly gaining momentum. It allows the display and projection of network or system data in the hope of efficiently monitoring and protecting the system from intrusions or possible attacks. Intrusions and attacks continue to increase in number, size, and complexity. Textually reading through log files or other textual sources is no longer sufficient to secure a network or system. Using graphical visualization, security information is presented visually and not only as text. Without network security visualization, reading through log files or other textual sources is an endless and aggravating task for network security analysts. Visualization provides a method of displaying large volumes of information in a relatively small space. It also makes patterns easier to detect, recognize, and analyze. This can help security experts detect problems that might otherwise be missed when reading text-based log files. Network security visualization has become an active research field in the past six years, and a large number of visualization techniques have been proposed. A comprehensive analysis of the existing techniques is needed to help network security designers make informed decisions about the appropriate visualization techniques under various circumstances. Moreover, a taxonomy of the existing visualization techniques is needed to classify them and present a high-level overview of the field. In this thesis, the author surveyed the field of network security visualization. Specifically, the author analyzed the network security visualization techniques from the perspective of data model, visual primitives, security analysis tasks, user interaction, and other design issues. Various statistics were generated from the literature.
    Based on this analysis, the author has attempted to generate useful guidelines and principles for designing effective network security visualization techniques. The author also proposed a taxonomy for security visualization techniques. To the author's knowledge, this is the first attempt to generate a taxonomy for network security visualization. Finally, the author evaluated the existing network security visualization techniques and discussed their characteristics and limitations. For future research, the author also discussed some open research problems in this field. This research is a step towards a thorough analysis of the problem space and the solution space in network security visualization.

    A characteristic-based visual analytics approach to detect subtle attacks from NetFlow records

    Security is essential for any enterprise network. Denial of service, port scanning, and data exfiltration are among the most common network intrusions. It is urgent for network administrators to detect such attacks effectively and efficiently from network traffic. Though there are many intrusion detection systems (IDSs) and approaches, Visual Analytics (VA) provides a human-friendly approach to detecting network intrusions with situational awareness functionality. Overview visualization is the first and most important step in a VA approach. However, many VA systems cannot effectively identify subtle attacks in massive traffic data because their overview visualizations are inadequate. In this work, we developed two overviews and tried to identify subtle attacks directly from them. Moreover, zoomed-in visualizations were also provided for further investigation. The primary data source was NetFlow, and we evaluated the VA system with datasets from Mini Challenge 3 of the VAST Challenge 2013. Evaluation results indicated that the VA system can detect all the labeled intrusions (denial of service, port scanning and data exfiltration) with very few false alerts.

    Trau, SCHAU, wem? (Trust, but LOOK, whom?) - V-IDS, or a different view of things

    The constantly growing flood of security-relevant data generated in a network increasingly calls for new forms of presentation. Only in this way can these data remain comprehensible and manageable quickly enough and to an adequate extent. We grasp the content of images much faster and more intuitively than plain text; graphical representations generally make events easier to comprehend. In addition, information can be presented in a more condensed form without the conveyed content suffering. The graphical presentation of security data is still very much in its infancy; there is little experience of which representations are more or less suitable. V-IDS is intended to lay the foundations for a dynamic, three-dimensional presentation of such data. It should enable simple experimentation with different and novel representations, so that existing and future ideas can be prototyped and evaluated easily and without long development times.

    ToLeRating UR-STD

    A new emerging paradigm of Uncertain Risk of Suspicion, Threat and Danger, observed across the field of information security, is described. Based on this paradigm, a novel approach to anomaly detection is presented. Our approach is based on a simple yet powerful analogy from the innate part of the human immune system, the Toll-Like Receptors. We argue that such receptors, incorporated as part of an anomaly detector, enhance the detector's ability to distinguish normal and anomalous behaviour. In addition, we propose that Toll-Like Receptors enable the classification of detected anomalies based on the types of attacks that cause the anomalous behaviour. Such a classification is either missing from the existing literature or is not fit for the purpose of reducing the burden on the administrator of an intrusion detection system. For our model to work, we propose the creation of a taxonomy of the digital Acytota, on which our receptors are based.

    Designing an interactive visualization for intrusion detection systems with video game theory and technology

    With an ever-increasing number of attacks on networks that carry an even faster-growing amount of information, the old means of examining network data for intruders and malicious acts through text no longer works. Even with the help of filters and data aggregation, there is too much for a person to read through and gain a clear understanding of what is happening across a network, causing security officers to miss intrusions many times. With an overwhelming number of false alerts from incorrectly configured Intrusion Detection Systems and not enough time to sift through them all, a new means of displaying and interacting with the network data presented by intrusion detection systems is needed. That is why there has been an increase in research on how to create visualizations for networks that will allow someone to better understand what is happening across a network. Using previous research as well as a study of the theory and architecture used by the video game industry for interactive environments, it is possible to create an intuitive, interactive visual environment of network data that will help network administrators more effectively understand their networks and where potential threats may lurk. Therefore, this proposed design attempts to help solve the problem of network communication comprehension.

    Improving user comfort in haptic virtual environments through gravity compensation

    Our experience with a Haptic Workstation™ has shown that this device is uncomfortable to use during long sessions. The main reason is the uncomfortable posture of the arms, which must be kept outstretched horizontally while supporting the weight of an exoskeleton. We describe Zero-G, a real-time weight compensation system aimed at improving user comfort by compensating for the weight of both the exoskeleton and the arms (zero-gravity illusion). We present experimental results complemented with electromyography (EMG) measurements as an indicator of muscular activity/fatigue. Our tests show how Zero-G exerts a positive influence on the reduction of muscular fatigue when using a Haptic Workstation.