• DocumentCode
    2279769
  • Title

    Intrusion behavior detection through visualization

  • Author

    Erbacher, Robert F.

  • Author_Institution
    Dept. of Comput. Sci., Albany Univ., NY, USA
  • Volume
    3
  • fYear
    2003
  • fDate
    5-8 Oct. 2003
  • Firstpage
    2507
  • Abstract
    As computer and network intrusions become more and more of a concern, the need for better capabilities to assist in the detection and analysis of intrusions also increases. We propose a methodology for analyzing network and computer log information visually based on the analysis of user behavior. Each user's behavior is the key to determining their intent and overriding goals, whether they attempt to hide their actions or not. Proficient hackers will attempt to hide their ultimate goal, which hinders the reliability of log file analysis. Visually analyzing the user's behavior, however, is much more adaptable and difficult to counteract. This paper will discuss how user behavior can be exhibited within the visualization techniques, the capabilities provided by the environment, typical characteristics users should look out for (i.e., how unusual behavior exhibits itself), and exploration paradigms effective for identifying the meaning behind the user's behavior.
  • Keywords
    computer crime; data visualisation; reliability; user interfaces; computer intrusions; computer log information; hackers; intrusion behavior detection; log file analysis; network intrusions; network log information; reliability; user behavior analysis; visualization techniques; Computer hacking; Computer network reliability; Computer networks; Computer science; Computer security; Forensics; Information analysis; Intrusion detection; Pattern matching; Visualization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systems, Man and Cybernetics, 2003. IEEE International Conference on
  • ISSN
    1062-922X
  • Print_ISBN
    0-7803-7952-7
  • Type

    conf

  • DOI
    10.1109/ICSMC.2003.1244260
  • Filename
    1244260