Visualization techniques for intrusion behavior identification

Current intrusion detection techniques are plagued with false positives and false negatives. Ensuring that intrusions are not missed requires that administrators filter through enormous numbers of false positives. In this work, we attempt to improve the administrator's ability to analyze the available data, make far more rapid assessments as to the nature of a given event or event stream, and identify anomalous activity that is not normally recognized as such. To this end, we explore the roots of the identified activity, namely the underlying behavior of the users, hosts, and networks under the administrator's auspices. We present here our work on visualization as it applies to behavior and intrusion detection. We have found that these representations can be quite effective at conveying the needed information and resolving the relationships extremely rapidly.
