Visual Mining Intrusion Behaviors by Using Swarm Technology

Author

Cui, Xiaohui ; Beaver, Justin ; Potok, Thomas ; Yang, Li

Author_Institution

Comput. Sci. & Eng. Div., Oak Ridge Nat. Lab., Oak Ridge, TN, USA

fYear

2011

fDate

4-7 Jan. 2011

Firstpage

1

Lastpage

7

Abstract

The alerts produced by the real time intrusion detection systems, e.g. Snort, can be difficult for security administrators to efficiently review and respond to, due to the enormous amount of messages generated in a short time frame. In this research, we developed a technique, the swarm based visual data mining approach (SVDM), to help user gain insight into the alert event data of the intrusion detection system, come up with new hypothesis, and verify the hypothesis via the interaction between the human and the system. The SVDM system can efficiently help security administrators detect anomaly behaviors of malicious user in a large volume of high dimensional time-dependent state spaces. The output visual representation from this system exploits the human being´s innate ability to recognize patterns and utilizes this ability to help security administrators understand the relationship between the seemingly discrete security breaches.

Keywords

data mining; real-time systems; security of data; alert event data; anomaly behavior detection; discrete security breach; malicious user; real time intrusion detection system; security administrator; swarm based visual data mining; swarm technology; visual mining intrusion behavior; visual representation; Data mining; Data visualization; Humans; IP networks; Network topology; Security; Visualization;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences (HICSS), 2011 44th Hawaii International Conference on

Conference_Location

Kauai, HI

ISSN

1530-1605

Print_ISBN

978-1-4244-9618-1

Type

conf

DOI

10.1109/HICSS.2011.486

Filename

5718858