Visual Behavior Characterization for Intrusion and Misuse Detection, 2001
Cited by 7 (0 self)
As computer and network intrusions become more and more of a concern, the need for better capabilities to assist in the detection and analysis of intrusions also increases. System administrators typically rely on log files to analyze usage and detect misuse. However, as a consequence of the amount of data collected by each machine, multiplied by the tens or hundreds of machines under the system administrator's auspices, the entirety of the data available is neither collected nor analyzed. This is compounded by the need to analyze network traffic data as well.
Visualization in detection of intrusions and misuse in large scale networks
- In Proceedings of the International Conference on Information Visualization (IV2000), IEEE Computer Society, 2000
Cited by 4 (0 self)
The Internet is quickly becoming entrenched in the communication and commercial sectors of everyday life. With this movement away from traditional fixed infrastructure we are also moving away from the traditional securities placed within fixed infrastructure. This has led to increasing numbers of attacks designed to infiltrate or disrupt the activities being performed by companies and individuals on the Internet. We are exploring the applicability of visualization techniques in conjunction with a well-known intrusion detection system (Hummer) for the detection and analysis of misuse of computer systems connected to the Internet. The visualization techniques will allow users to identify the behavior of users connecting to the system and identify those whose intentions are unwelcome.
Visual Network Forensic Techniques and Processes
Abstract—Network forensics is the critical next step in the analysis of network attacks, intrusions, and misuses. It is the forensic process that will aid identification of what occurred and how. With the explosion in numbers and types of attacks it is critical that new techniques be developed to aid in the analysis of said attacks. For instance, with the recent widespread deployment of botnets, it is forensic techniques that will allow these botnets to be dissected to determine their extent, their capability, their control mechanisms, etc. In this paper we discuss visualization techniques designed around the analysis of network traffic data and tailored to the scalability issues intrinsic to such data. In conjunction with these techniques we discuss how these techniques fit into an analyst's repertoire, how we foresee them being used, their advantages to the forensic process, and the process through which they will be effectively applied.
unknown title
Visual monitoring environments, such as intrusion detection systems, debugging environments, and feature extraction systems, require that a user familiar with the target domain examine, most often continuously, the visual representation of the underlying data. This improves the efficiency of the analysis but requires that the visualization expert work with the user to provide the information in an efficient form. How the users employ the environment and the type and quantity of data will also affect aspects of the environment. The goal is to develop a user centric view when designing the software and meet the unique needs of the user at hand. Our work with intrusion and misuse detection has led to the need to develop techniques geared for these users. This requires us to give up some typical metaphors familiar to visualization experts that would not be acceptable to the expected user base. We will discuss the issues involved in developing visualization techniques when the user is not a visualization expert, has preconceived notions or expectation of the visualization environment, and has needs that fall outside the normal expectations of the visualization expert.