Abstract
Network intrusion detection has been generally dealt with using sophisticated software and statistical analysis, although sometimes it has to be done by administrators, either by detecting the intruders in real time or by reviewing network logs, making this a tedious and time-consuming task. To support this, intrusion detection analysis has been carried out using visual, auditory or tactile sensory information in computer interfaces. However, little is known about how to best integrate the sensory channels for analyzing intrusion detection alarms. In the past, we proposed a set of ideas outlining the benefits of enhancing intrusion detection alarms with multimodal interfaces. In this paper, we present a simplified sound-assisted attack mitigation system enhanced with auditory channels. Results indicate that the resulting intrusion detection system effectively generates distinctive sounds upon a series of simple attack scenarios consisting of denial-of-service and port scanning.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Qi, L., Vargas Martin, M., Kapralos, B., Green, M., García-Ruiz, M. (2007). Toward Sound-Assisted Intrusion Detection Systems. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. OTM 2007. Lecture Notes in Computer Science, vol 4804. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76843-2_36
DOI: https://doi.org/10.1007/978-3-540-76843-2_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76835-7
Online ISBN: 978-3-540-76843-2
eBook Packages: Computer Science (R0)