Case study: visualization and information retrieval techniques for network intrusion detection

  • Authors:
  • Travis Atkison; Kathleen Pensy; Charles Nicholas; David Ebert; Rebekah Atkison; Chris Morris

  • Affiliations:
  • Computer Science and Electrical Engineering Department, University of Maryland, Baltimore, Baltimore, MD (all six authors)

  • Venue:
  • EGVISSYM'01 Proceedings of the 3rd Joint Eurographics - IEEE TCVG conference on Visualization
  • Year:
  • 2001

Abstract

We describe our efforts to analyze network intrusion detection data using information retrieval and visualization tools. By regarding Telnet sessions as documents, which may or may not include attacks, a session that contains a certain type of attack can be used as a query, allowing us to search the data for other instances of that same type of attack. The use of information visualization techniques allows us to quickly and clearly find the attacks and also find similar, potentially new types of attacks.