DocumentCode
2595833
Title
Visual Mining Intrusion Behaviors by Using Swarm Technology
Author
Cui, Xiaohui ; Beaver, Justin ; Potok, Thomas ; Yang, Li
Author_Institution
Comput. Sci. & Eng. Div., Oak Ridge Nat. Lab., Oak Ridge, TN, USA
fYear
2011
fDate
4-7 Jan. 2011
Firstpage
1
Lastpage
7
Abstract
The alerts produced by real-time intrusion detection systems, e.g. Snort, can be difficult for security administrators to review and respond to efficiently, because of the enormous number of messages generated in a short time frame. In this research, we developed a technique, the swarm-based visual data mining approach (SVDM), to help users gain insight into the alert event data of the intrusion detection system, form new hypotheses, and verify those hypotheses through interaction between the human and the system. The SVDM system can efficiently help security administrators detect anomalous behaviors of malicious users in a large volume of high-dimensional, time-dependent state spaces. The visual representation output by this system exploits the human being's innate ability to recognize patterns and uses this ability to help security administrators understand the relationships between seemingly discrete security breaches.
Keywords
data mining; real-time systems; security of data; alert event data; anomaly behavior detection; discrete security breach; malicious user; real time intrusion detection system; security administrator; swarm based visual data mining; swarm technology; visual mining intrusion behavior; visual representation; Data mining; Data visualization; Humans; IP networks; Network topology; Security; Visualization;
fLanguage
English
Publisher
ieee
Conference_Titel
System Sciences (HICSS), 2011 44th Hawaii International Conference on
Conference_Location
Kauai, HI
ISSN
1530-1605
Print_ISBN
978-1-4244-9618-1
Type
conf
DOI
10.1109/HICSS.2011.486
Filename
5718858