Scaling and Visualizing Network Data to Facilitate in Intrusion Detection Tasks
Abdullah, Kulsoom B.
As the number of successful network attacks continues to rise, better forms of intrusion detection and prevention are needed. This thesis addresses network traffic visualization techniques that help administrators recognize attacks. Two views have been developed: one of port statistics and one of Intrusion Detection System (IDS) alerts. Each helps address the problem of analyzing the large datasets that networks produce. Because of the volume of traffic and the size of the port-number and IP-address spaces (65,536 ports and, for IPv4, over four billion addresses), scaling techniques are necessary. A port-based overview of network activity gives an improved representation for detecting and responding to malicious activity. We have found that presenting an overview as stacked histograms of aggregate port activity, combined with the ability to drill down for finer detail, lets small but important details be noticed and investigated without being obscured by the large volume of usual traffic.

Another problem administrators face is the cumbersome amount of alarm data generated by IDS sensors. As a result, important details are often overlooked, and it is difficult to form an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview from which system administrators can get a general sense of network activity and easily spot anomalies; they then have the option of zooming and drilling down for details. Based on our requirements study of system administrators, this graphical layout addresses what administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that works on operational alarm log data generated on the Georgia Tech campus network.
For both of these systems, we describe the input data, the system design, and examples. Finally, we summarize potential future work.
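The overview-then-drill-down idea behind the port view can be shown with a small aggregation routine. The following is an added example written for this page, not code from the thesis or its tool: it scales the 65,536-port range down to 64 buckets for the overview (so a stacked histogram has a tractable number of bars), stacks each bar by transport protocol, and drills down into one bucket to recover per-port detail. The flow records and addresses are constructed sample data, and the scan heuristic at the end (one source touching many distinct ports inside one bucket) is an illustrative extension of the drill-down, not a technique the thesis describes.

```python
"""Port-activity overview with drill-down.

Added illustration for the abstract above, not code from the thesis.
Flows are (src_ip, dst_ip, dst_port, proto) tuples; all data here is constructed.
"""
from collections import Counter, defaultdict

BUCKET_SIZE = 1024          # 65536 ports / 1024 = 64 bars in the overview


def build_sample_flows():
    """Constructed traffic: bulk web/DNS from 20 hosts plus one small port sweep."""
    flows = []
    for i in range(20):
        src = f"10.0.0.{i + 1}"                       # hypothetical internal hosts
        flows += [(src, "203.0.113.10", 80, "tcp")] * 10
        flows += [(src, "203.0.113.10", 443, "tcp")] * 5
        flows += [(src, "10.0.0.53", 53, "udp")] * 3
    # The "small, yet important" detail: 30 consecutive high ports probed by one host.
    for port in range(30000, 30030):
        flows.append(("10.0.0.99", "10.0.0.7", port, "tcp"))
    return flows


def port_bucket(port, bucket_size=BUCKET_SIZE):
    """Scale a port number onto the coarse overview axis."""
    return port // bucket_size


def overview(flows, bucket_size=BUCKET_SIZE):
    """Aggregate flows per port bucket, stacked by protocol.

    Returns {bucket: Counter({proto: flow_count})}; this is the data behind
    one stacked bar per bucket.
    """
    bars = defaultdict(Counter)
    for _src, _dst, port, proto in flows:
        bars[port_bucket(port, bucket_size)][proto] += 1
    return dict(bars)


def drill_down(flows, bucket, bucket_size=BUCKET_SIZE):
    """Expand one bucket back to per-port counts and the sources behind them."""
    ports = Counter()
    sources = set()
    for src, _dst, port, _proto in flows:
        if port_bucket(port, bucket_size) == bucket:
            ports[port] += 1
            sources.add(src)
    return ports, sources


def scan_candidates(flows, min_ports=10, bucket_size=BUCKET_SIZE):
    """Illustrative heuristic: a single source touching many distinct ports
    inside one bucket. Returns [(src, bucket, distinct_port_count)]."""
    touched = defaultdict(set)
    for src, _dst, port, _proto in flows:
        touched[(src, port_bucket(port, bucket_size))].add(port)
    return sorted(
        (src, bucket, len(ports))
        for (src, bucket), ports in touched.items()
        if len(ports) >= min_ports
    )


def render_overview(bars, bucket_size=BUCKET_SIZE):
    """Text rendering of the stacked bars, one line per non-empty bucket."""
    lines = []
    for bucket in sorted(bars):
        lo, hi = bucket * bucket_size, (bucket + 1) * bucket_size - 1
        stack = " ".join(f"{p}={n}" for p, n in sorted(bars[bucket].items()))
        lines.append(f"ports {lo:5d}-{hi:5d}: {stack}")
    return lines


if __name__ == "__main__":
    sample = build_sample_flows()
    for line in render_overview(overview(sample)):
        print(line)
    for src, bucket, n in scan_candidates(sample):
        ports, _ = drill_down(sample, bucket)
        print(f"{src} touched {n} ports in bucket {bucket}: "
              f"{min(ports)}-{max(ports)}")
```

On the constructed data the overview shows one large bar for ports 0-1023 (web and DNS) and one small bar for ports 29696-30719; the drill-down on that small bar resolves it to thirty distinct ports from a single source, which is exactly the kind of detail a flat per-port plot of the whole range would hide.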
Related items (by title, author, creator and subject):

- Sonification and visualization of narrative: Getting computing students to think aurally and visually rather than audio-visually. Vickers, P. (Georgia Institute of Technology; International Community for Auditory Display, 2004-07). In this paper we describe a final-year undergraduate honours course that requires multimedia computing students to create narrative auditory and visual displays. The aim was to use discontinuity as a catalyst for creativity ...
- Hailston, Kenneth W. (Georgia Institute of Technology, 2005-09-26). The current study examined two means of reducing uncertainty in visual search: 1) visual relatedness of a prime to the target (a data-driven, bottom-up process) and 2) expectancy (a top-down process based on the proportion ...
- Patterson, Michael J. (Georgia Institute of Technology, 1985-08)