DocumentCode :
2735857
Title :
Hierarchical clustering and visualization of aggregate cyber data
Author :
Patton, Robert M. ; Beaver, Justin M. ; Steed, Chad A. ; Potok, Thomas E. ; Treadwell, Jim N.
Author_Institution :
Appl. Software Eng. Res., Oak Ridge Nat. Lab., Oak Ridge, TN, USA
fYear :
2011
fDate :
4-8 July 2011
Firstpage :
1287
Lastpage :
1291
Abstract :
Most commercial intrusion detection systems (IDS) can produce a very high volume of alerts and are typically plagued by a high false positive rate. The approach described here uses Splunk to aggregate IDS alerts. The aggregated IDS alerts are retrieved from Splunk programmatically, then clustered using text analysis and visualized using a sunburst diagram to provide an additional understanding of the data. Obtaining the equivalent of what the cluster analysis and visualization provide would require numerous detailed Splunk queries and considerable manual effort.
Keywords :
data visualisation; pattern clustering; security of data; text analysis; IDS alert; Splunk; aggregate cyber data; cluster analysis; false positive rate; intrusion detection system; sunburst diagram; text analysis; text visualization; Computer security; Correlation; Data visualization; Flexible printed circuits; Intrusion detection; Mice; Reliability; IDS analysis; hierarchical clustering; sunburst visualization; vector space model;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Wireless Communications and Mobile Computing Conference (IWCMC), 2011 7th International
Conference_Location :
Istanbul
Print_ISBN :
978-1-4244-9539-9
Type :
conf
DOI :
10.1109/IWCMC.2011.5982725
Filename :
5982725