Hierarchical clustering and visualization of aggregate cyber data

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Most commercial intrusion detection systems (IDS) can produce a very high volume of alerts, and are typically plagued by a high false positive rate. The approach described here uses Splunk to aggregate IDS alerts. The aggregated alerts are retrieved from Splunk programmatically, clustered using text analysis, and visualized as a sunburst diagram to provide an additional understanding of the data. Obtaining the equivalent of what the cluster analysis and visualization provide would require numerous detailed Splunk queries and considerable manual effort.

Original language: English
Title of host publication: IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference
Pages: 1287-1291
Number of pages: 5
DOIs
State: Published - 2011
Event: 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011 - Istanbul, Turkey
Duration: Jul 4 2011 - Jul 8 2011

Publication series

Name: IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference

Conference

Conference: 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011
Country/Territory: Turkey
City: Istanbul
Period: 07/4/11 - 07/8/11

Keywords

  • IDS analysis
  • hierarchical clustering
  • sunburst visualization
  • vector space model
