Visual mining intrusion behaviors by using swarm technology

Xiaohui Cui, Justin Beaver, Thomas Potok, Li Yang

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution, peer-reviewed)

4 Scopus citations

Abstract

The alerts produced by real-time intrusion detection systems such as Snort can be difficult for security administrators to review and respond to efficiently, because of the enormous number of messages generated in a short time frame. In this research, we developed a technique, the swarm-based visual data mining approach (SVDM), to help users gain insight into the alert event data of an intrusion detection system, form new hypotheses, and verify those hypotheses through interaction between the human and the system. The SVDM system can efficiently help security administrators detect anomalous behaviors of malicious users in a large volume of high-dimensional, time-dependent state spaces. The visual representation output by this system exploits the human being's innate ability to recognize patterns and uses this ability to help security administrators understand the relationships between seemingly discrete security breaches.

Original language: English
Title of host publication: Proceedings of the 44th Annual Hawaii International Conference on System Sciences, HICSS-44 2010
DOIs
State: Published - 2011
Event: 44th Hawaii International Conference on System Sciences, HICSS-44 2010 - Koloa, Kauai, HI, United States
Duration: Jan 4 2011 to Jan 7 2011

Publication series

Name: Proceedings of the Annual Hawaii International Conference on System Sciences
ISSN (Print): 1530-1605

Conference

Conference: 44th Hawaii International Conference on System Sciences, HICSS-44 2010
Country/Territory: United States
City: Koloa, Kauai, HI
Period: 01/4/11 to 01/7/11

Keywords

  • Data mining
  • Intrusion
  • Swarm
  • Visualization
