Visualization of security events using an efficient correlation technique

The timely and reliable data transfer required by many networked applications necessitates comprehensive security solutions that monitor for, and protect against, an increasing number of malicious attacks. However, providing complete cyberspace situation awareness is extremely challenging because effective mechanisms for translating low-level situation information into the high-level human cognition needed for decision making and action support are lacking. We propose an adaptive cyber security monitoring system that integrates a number of component techniques to collect time-series situation information, perform intrusion detection, keep track of event evolution, characterize and identify security events, and present a visual representation that provides a comprehensive situational view, so that corresponding defense actions can be taken in a timely and effective manner. We explore the principles of designing and applying appropriate visualization techniques for situation monitoring by defining graphical representations of security events. This differs from traditional rule-based pattern matching techniques in that security events in the proposed system are represented as correlation networks constructed using random matrix theory and are identified by computing a network similarity measure. The events and their corresponding event types are visualized using a stemplot that shows both location and quantity. Extensive simulation results on event identification illustrate the efficacy of the proposed system.
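The abstract describes security events as correlation networks that are identified by a network similarity measure. As an added illustration, not the paper's own code, the Python below builds such a network from constructed per-interval counts using a fixed correlation threshold (the paper derives its threshold from random matrix theory) and matches it against hypothetical event templates by Jaccard similarity of edge sets; the feature names, templates and threshold values are all assumptions.

```python
from itertools import combinations
from math import sqrt

# Constructed per-interval counts for four monitored features (8 intervals).
# failed_logins and auth_requests rise and fall together; the other two are noise.
WINDOW = {
    "failed_logins": [2, 3, 15, 40, 60, 55, 20, 4],
    "auth_requests": [10, 12, 30, 70, 95, 90, 40, 11],
    "dns_queries":   [50, 52, 48, 51, 49, 50, 53, 47],
    "bytes_out":     [102, 100, 99, 98, 103, 97, 101, 100],
}
# Hypothetical event templates: each is the edge set of a known event's network.
TEMPLATES = {
    "brute_force":  {("auth_requests", "failed_logins")},
    "exfiltration": {("bytes_out", "dns_queries")},
}

def pearson(x, y):
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / sqrt(vx * vy) if vx and vy else 0.0

def correlation_network(series, threshold=0.8):
    """Edge set of feature pairs whose |correlation| reaches the threshold.
    The threshold is a fixed assumption here; the paper selects it via random matrix theory."""
    names = sorted(series)  # sorted so every edge has a canonical (a, b) order
    return {(a, b) for a, b in combinations(names, 2)
            if abs(pearson(series[a], series[b])) >= threshold}

def jaccard(edges_a, edges_b):
    """Network similarity as the Jaccard overlap of two edge sets."""
    union = edges_a | edges_b
    return len(edges_a & edges_b) / len(union) if union else 1.0

def identify_event(window, templates, threshold=0.8, min_similarity=0.5):
    """Return (template name, similarity) for the best match, or (None, score)."""
    net = correlation_network(window, threshold)
    best = max(templates, key=lambda name: jaccard(net, templates[name]))
    score = jaccard(net, templates[best])
    return (best, score) if score >= min_similarity else (None, score)

if __name__ == "__main__":
    print(correlation_network(WINDOW))        # {('auth_requests', 'failed_logins')}
    print(identify_event(WINDOW, TEMPLATES))  # ('brute_force', 1.0)
```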
