TY - GEN
T1 - Visual mining intrusion behaviors by using swarm technology
AU - Cui, Xiaohui
AU - Beaver, Justin
AU - Potok, Thomas
AU - Yang, Li
PY - 2011
Y1 - 2011
N2 - The alerts produced by real-time intrusion detection systems, e.g. Snort, can be difficult for security administrators to review and respond to efficiently, due to the enormous number of messages generated in a short time frame. In this research, we developed a technique, the swarm-based visual data mining approach (SVDM), to help users gain insight into the alert event data of an intrusion detection system, come up with new hypotheses, and verify those hypotheses through interaction between the human and the system. The SVDM system can efficiently help security administrators detect the anomalous behaviors of malicious users in a large volume of high-dimensional, time-dependent state spaces. The visual representation output by this system exploits the human being's innate ability to recognize patterns and uses this ability to help security administrators understand the relationships between seemingly discrete security breaches.
AB - The alerts produced by real-time intrusion detection systems, e.g. Snort, can be difficult for security administrators to review and respond to efficiently, due to the enormous number of messages generated in a short time frame. In this research, we developed a technique, the swarm-based visual data mining approach (SVDM), to help users gain insight into the alert event data of an intrusion detection system, come up with new hypotheses, and verify those hypotheses through interaction between the human and the system. The SVDM system can efficiently help security administrators detect the anomalous behaviors of malicious users in a large volume of high-dimensional, time-dependent state spaces. The visual representation output by this system exploits the human being's innate ability to recognize patterns and uses this ability to help security administrators understand the relationships between seemingly discrete security breaches.
KW - Data mining
KW - Intrusion
KW - Swarm
KW - Visualization
UR - http://www.scopus.com/inward/record.url?scp=79952932889&partnerID=8YFLogxK
U2 - 10.1109/HICSS.2011.486
DO - 10.1109/HICSS.2011.486
M3 - Conference contribution
AN - SCOPUS:79952932889
SN - 9780769542829
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
BT - Proceedings of the 44th Annual Hawaii International Conference on System Sciences, HICSS-44 2010
T2 - 44th Hawaii International Conference on System Sciences, HICSS-44 2010
Y2 - 4 January 2011 through 7 January 2011
ER -