Title :
Visualization techniques for intrusion behavior identification
Author :
Erbacher, Robert F. ; Garber, Menashe
Author_Institution :
Dept. of Comput. Sci., Utah State Univ., Logan, UT, USA
Abstract :
Current intrusion detection techniques are plagued with false positives and false negatives. Ensuring that intrusions are not missed requires that administrators filter through enormous numbers of false positives. In this work, we are attempting to improve the administrators' ability to analyze the available data, make far more rapid assessments as to the nature of a given event or event stream, and identify anomalous activity not normally identified as such. To this end, we are exploring the roots of the identified activity, namely the underlying behavior of the users, hosts, and networks under the administrator's auspices. We present here our work related to visualization as it applies to behavior and intrusion detection. We have found that the representations can be quite effective at conveying the needed information and resolving the relationships extremely rapidly.
Keywords :
data visualisation; security of data; anomalous activity identification; anomaly detection; behavior analysis; data visualization; false negatives; false positives; host behavior; intrusion behavior identification; intrusion detection; network behavior; user behavior; Computer hacking; Computer science; Data analysis; Data visualization; Information analysis; Intrusion detection; Probes; Telecommunication traffic;
Conference_Title :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495938