Interactive three-dimensional visualization of network intrusion detection data for machine learning

Abstract: The threat of cyber-attacks is on the rise in the digital world today. As such, effective cybersecurity solutions are becoming increasingly important for detecting and combating cyber-attacks. The use of machine learning techniques for network intrusion detection is a growing area of research, as these techniques can potentially provide a means for automating the detection of attacks and abnormal traffic patterns in real time. However, misclassification is a common problem in machine learning for intrusion detection, and the improvement of machine learning models is hindered by a lack of insight into the reasons behind such misclassification. This paper presents an interactive method of visualizing network intrusion detection data in three dimensions. The objective is to facilitate the understanding of network intrusion detection data using a visual representation to reflect the geometric relationship between various categories of network traffic. This interactive visual representation can potentially provide useful insight to aid the understanding of machine learning results. To demonstrate the usefulness of the proposed visualization approach, this paper presents results of experiments on commonly used network intrusion detection datasets.
