SVision: a network host-centered anomaly visualization technique

  • Authors: Iosif-Viorel Onut; Bin Zhu; Ali A. Ghorbani

  • Affiliations: Faculty of Computer Science, University of New Brunswick Fredericton, Canada; Faculty of Computer Science, University of New Brunswick Fredericton, Canada; Faculty of Computer Science, University of New Brunswick Fredericton, Canada

  • Venue: ISC'05 Proceedings of the 8th international conference on Information Security
  • Year: 2005

Abstract

We proposed a technique merged from a combination of both anomaly and graphical methods, for intrusion detection. The network is pictured as a community of hosts that exchange messages among themselves. Our aim is to graphically highlight those hosts that represent a possible threat for the network, so that a network administrator will be able to further explore the anomaly and decide upon the responses that are appropriate. We choose to test our view against the DARPA 99 intrusion detection and evaluation dataset since it provides labels which we can use to monitor our system. Experiments show our visualization technique as a possible alternative for detection of network intrusions, in particular Denial of Service (DoS) and Distributed-DoS attacks such as Ping Of Death, UDP storm, SSH Process Table, and Smurf, to name a few.