Network attack visualization and response through intelligent icons

  • Authors:
  • Scott C. Evans; T. Stephen Markham; Richard Bejtlich; Bruce Barnett; Bernhard Scholz; Robert Mitchell; Weizhong Yan; Eric Steinbrecher; Jeremy Impson

  • Affiliations:
  • General Electric Global Research, Niskayuna, NY; General Electric Global Research, Niskayuna, NY; General Electric Global Research, Niskayuna, NY; General Electric Global Research, Niskayuna, NY; General Electric Global Research, Niskayuna, NY; General Electric Global Research, Niskayuna, NY; General Electric Global Research, Niskayuna, NY; Lockheed Martin, Owego, NY; Lockheed Martin, Owego, NY

  • Venue:
  • MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
  • Year:
  • 2009

Visualization

Abstract

The appropriate response to an information system attack is jointly determined by the confidence of classification, the nature (type) of the attack, and the confidence in the effectiveness of the response. In this paper we present a technique to rapidly assess the similarity of observed behavior to attack or normal models: displaying the similarity of observed data to learned Minimum Description Length models for normal and attack behaviors using "intelligent icons". These icons provide a visual indication of similarity to normal and attack signatures and can alert human operators to the key motifs and signatures that affect confidence in classification and the indicated response.