Visualisation for Intrusion Detection Hooking the Worm
نویسنده
چکیده
Even though intrusion detection systems have been studied for a number of years several problems remain; chiefly low detection rates and high false alarm rates. Instead of building automated alarms that trigger when a computer security violation takes place, we propose to visualise the state of the computer system such that the operator himself can determine whether a violation has taken place. In effect replacing the “burglar alarm” with a
منابع مشابه
TTAnalyze: A Tool for Analyzing Malware
Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques for malicious code. In addition, it is an important prerequisite for the development of removal tools that can thoroughly delete malware from an infected machine. Tra...
متن کاملUnderstanding Intrusion Detection Through Visualization
With the ever increasing use of computers for critical systems, computer security, the protection of data and computer systems from intentional, malicious intervention, is attracting much attention. Among the methods for defence, intrusion detection, i.e. the application of a tool to help the operator identify ongoing or already perpetrated attacks has been the subject of considerable research ...
متن کاملVisualising the inner workings of a self learning classifier: Improving the usability of intrusion detection systems
Current advanced intrusion detection systems that benefit from utilising machine learning principles are not as easy to use as might be hoped for. As a result the user has difficulties in judging the quality of the output, i.e. identifying false and true alarms. Problems in training the system might also go unnoticed. To counteract this we propose to use information visualisation to make the op...
متن کاملA Hybrid Machine Learning Method for Intrusion Detection
Data security is an important area of concern for every computer system owner. An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Already various techniques of artificial intelligence have been used for intrusion detection. The main challenge in this area is the running speed of the available implemen...
متن کاملDetecting Computer Worms in the Cloud
Computer worms are very active and new sophisticated versions continuously appear. Signature-based detection methods work with a low false-positive rate, but previously knowledge about the threat is needed. Anomaly-based intrusion detection methods are able to detect new and unknown threats, but meaningful information for correct results is necessary. We propose an anomaly-based intrusion detec...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003