Carefully logging network activity is essential to meet the requirements of high security and optimal resource availability. However, detecting break-in attempts within this activity is a difficult task. Making the distinction between misuse and normal use is hard, and identifying intrusions that use novel attacks is fundamentally difficult. In this paper, we introduce a visual approach for analyzing network activity. This approach differs from anomaly and misuse detection because it considers human factors to support the exploration of network traffic. Our prototype application is based on an unsupervised neural network and consequently does not rely on any prior knowledge of the data being analyzed. We use self-organizing maps to project the network events on a space appropriate for visualization, and achieve their exploration using a map metaphor. The approach we present can be used to analyze past and present activities, as well as to show trends in the events. To demonstrate the usability of our tools, we describe the investigation of a dataset containing common intrusion patterns. We also discuss some weaknesses of current intrusion detection systems and propose a new paradigm for monitoring network activity that enables the discovery of new, sophisticated, and structured attacks.