Title :
Visual Mining Intrusion Behaviors by Using Swarm Technology
Author :
Cui, Xiaohui ; Beaver, Justin ; Potok, Thomas ; Yang, Li
Author_Institution :
Comput. Sci. & Eng. Div., Oak Ridge Nat. Lab., Oak Ridge, TN, USA
Abstract :
The alerts produced by real-time intrusion detection systems such as Snort can be difficult for security administrators to review and respond to efficiently, because of the enormous number of messages generated in a short time frame. In this research, we developed a technique, the swarm-based visual data mining approach (SVDM), to help users gain insight into the alert event data of an intrusion detection system, come up with new hypotheses, and verify those hypotheses through interaction between the human and the system. The SVDM system can efficiently help security administrators detect anomalous behaviors of malicious users in a large volume of high-dimensional, time-dependent state spaces. The visual representation output by this system exploits the human being's innate ability to recognize patterns and uses this ability to help security administrators understand the relationships between seemingly discrete security breaches.
Keywords :
data mining; real-time systems; security of data; alert event data; anomaly behavior detection; discrete security breach; malicious user; real time intrusion detection system; security administrator; swarm based visual data mining; swarm technology; visual mining intrusion behavior; visual representation; Data mining; Data visualization; Humans; IP networks; Network topology; Security; Visualization;
Conference_Title :
System Sciences (HICSS), 2011 44th Hawaii International Conference on
Conference_Location :
Kauai, HI
Print_ISBN :
978-1-4244-9618-1
DOI :
10.1109/HICSS.2011.486