Improving Intrusion Analysis Effectiveness

The volume of data available to the analyst for the forensic analysis of an intrusion or other successful attack is enormous. Reading the textual data by hand is prohibitive: a networked environment generates tens of thousands of log messages a day, and in complex cases, where events must be correlated both temporally (across time) and spatially (across hosts and network locations), the task is daunting. Many techniques can aid the analyst, including data mining, machine learning, and visualization, but none of them is by itself the be-all and end-all of forensic analysis. This paper therefore discusses our research towards visualization techniques that aid the analysis process. These techniques are geared towards incorporating all intrusion detection and analysis data, both the original log data and the results of other intrusion detection and analysis tools, into a single environment. Bringing all results together in one environment greatly increases the analyst's effectiveness: it reduces the time lost examining false positives and allows identification of true anomalies, their sources, and their impact.
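As an added illustration, not code from the paper, the following Python sketch shows the step that such a single analysis environment needs before anything can be drawn: raw host log lines and the alerts of a separate network detector are normalized into one event schema, then bucketed by time window (temporal key) and by the monitored host they concern (spatial key). Cells in which more than one data source places events on the same host in the same minute are the ones worth the analyst's attention first; single-source cells are the candidates for false positives. All log lines, host names, addresses and rule IDs are constructed sample data, and the asset inventory `ASSETS`, the one-minute window and the supplied year for the year-less alert timestamps are assumptions.

```python
"""Normalize heterogeneous intrusion-analysis inputs into one event stream
and bucket them by (time window, host). Added illustration, not the paper's
code; every log line, host, address and rule ID below is constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample inputs: syslog-style sshd lines, and lines imitating a
# Snort "fast" alert log (whose timestamps carry no year).
AUTH_LOG = """\
2023-03-01T10:00:05 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51222 ssh2
2023-03-01T10:00:09 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51224 ssh2
2023-03-01T10:00:14 gw sshd[1201]: Accepted password for root from 203.0.113.7 port 51230 ssh2
2023-03-01T11:30:00 db sshd[4410]: Accepted publickey for backup from 10.0.0.5 port 40000 ssh2
"""
IDS_LOG = """\
03/01-10:00:07.120000  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Priority: 2] {TCP} 203.0.113.7:51223 -> 198.51.100.2:22
03/01-10:00:20.500000  [**] [1:1000002:1] LOCAL outbound connection to high port [**] [Priority: 3] {TCP} 198.51.100.2:43001 -> 203.0.113.7:4444
"""
# Assumed asset inventory: maps monitored addresses to host names so that
# network alerts and host logs share one spatial key.
ASSETS = {"198.51.100.2": "gw", "10.0.0.9": "db"}

@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str    # spatial key: the monitored host the event concerns
    remote: str  # the other party, if any
    source: str  # which log or tool produced the event
    detail: str

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<verdict>Failed|Accepted) "
    r"(?P<method>\w+) for (?P<user>\S+) from (?P<remote>\S+) port \d+")
IDS_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[(?P<sid>[\d:]+)\] "
    r"(?P<msg>.+?) \[\*\*\] .*?\[Priority: (?P<prio>\d)\] \{\w+\} "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+")

def parse_auth(text):
    """Normalize sshd lines; lines that do not parse are skipped, not guessed."""
    out = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            out.append(Event(datetime.fromisoformat(m["ts"]), m["host"], m["remote"],
                             "sshd", f"{m['verdict']} {m['method']} for {m['user']}"))
    return out

def parse_ids(text, year):
    """Normalize alert lines. The caller supplies the missing year; whichever
    endpoint is in ASSETS becomes the host, the other the remote party."""
    out = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        if m["dst"] in ASSETS:
            host, remote = ASSETS[m["dst"]], m["src"]
        elif m["src"] in ASSETS:
            host, remote = ASSETS[m["src"]], m["dst"]
        else:
            host, remote = "unknown", m["src"]
        out.append(Event(ts, host, remote, "ids", f"[{m['sid']}] {m['msg']} (prio {m['prio']})"))
    return out

def floor_to_window(ts, secs):
    """Start of the window containing ts, for windows that divide a day."""
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    return midnight + timedelta(seconds=int((ts - midnight).total_seconds()) // secs * secs)

def bucket(events, window=timedelta(minutes=1)):
    """Group events by (window start, host): the temporal and spatial keys."""
    cells = defaultdict(list)
    for e in events:
        cells[(floor_to_window(e.ts, int(window.total_seconds())), e.host)].append(e)
    return dict(cells)

def agreeing_cells(cells, min_sources=2):
    """Cells in which at least min_sources distinct sources report on the same
    host in the same window; a single-source cell is a weaker lead."""
    return {k: v for k, v in cells.items() if len({e.source for e in v}) >= min_sources}

def host_window_matrix(cells):
    """Event counts per host per window: the grid a heat-map view would draw."""
    grid = defaultdict(dict)
    for (start, host), evs in cells.items():
        grid[host][start] = len(evs)
    return dict(grid)

def analyze(year=2023):
    events = sorted(parse_auth(AUTH_LOG) + parse_ids(IDS_LOG, year), key=lambda e: e.ts)
    cells = bucket(events)
    return events, cells, agreeing_cells(cells)

if __name__ == "__main__":
    events, cells, hot = analyze()
    for (start, host), evs in sorted(hot.items()):
        print(f"{start:%Y-%m-%d %H:%M} {host}: {len(evs)} events from "
              f"{sorted({e.source for e in evs})}, remotes {sorted({e.remote for e in evs})}")
        for e in evs:
            print(f"   {e.ts:%H:%M:%S} {e.source:<4} {e.detail}")
```

On the sample data the gateway's 10:00 cell collects three sshd records and two detector alerts, all involving the same remote address, while the database host's 11:30 login stands alone in its cell. The matrix returned by `host_window_matrix` is exactly the host-by-time grid a heat-map or timeline view would render, so the visualization layer never has to know which tool each cell's events came from.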
