
Visualisation For Intrusion Detection: Hooking The Worm

S. Axelsson
Published 2003

Even though intrusion detection systems have been studied for a number of years, several problems remain; chiefly low detection rates and high false alarm rates. Instead of building automated alarms that trigger when a computer security violation takes place, we propose to visualise the state of the computer system such that the operator himself can determine whether a violation has taken place. In effect replacing the “burglar alarm” with a “security camera”. In order to illustrate the use of visualisation for intrusion detection purposes, we applied a trellis plot of parallel coordinate visualisations to the log of a small personal web server. The intent was to find patterns of malicious activity from so-called worms, and to be able to distinguish between them and benign traffic. Several such patterns were found, including one that was unknown at the time to the security community at large.
This paper is referenced by
10.1007/0-387-33406-8_24
VisFlowCluster-IP: Connectivity-Based Visual Clustering of Network Hosts
Xiaoxin Yin (2006)
10.1109/VIZSEC.2009.5375527
Visualization of complex attacks and state of attacked network
A. Yelizarov (2009)
10.4108/ICST.MOBIQUITOUS.2014.258064
NubiVis: a personal cloud file explorer
Josef Spillner (2014)
A Link-Based Visualization of Netflows for Security Monitoring
W. Yurcik (2006)
Visualization of Log Files of Embedded Broadband Modules
Ilya Belianka (2012)
10.1109/IWIA.2005.17
The design of VisFlowConnect-IP: a link analysis system for IP security situational awareness
Xiaoxin Yin (2005)
10.3756/ARTSCI.4.1
Recent Trend of Information Design and Information Visualization Studying from Web Navigation Techniques
T. Kikuchi (2005)
10.1145/2254556.2254688
Envisioning grid vulnerabilities: multi-dimensional visualization for electrical grid planning
Rosa Romero Gómez (2012)
Towards a Multimodal Human-Computer Interface to Analyze Intrusion Detection in Computer Networks
M. A. García-Ruiz (2006)
Interactive visualisation for the discovery of cyber security threats.
J. R. Elder (2017)
10.1109/MCG.2006.34
Hierarchical visualization of network intrusion detection data
T. Itoh (2006)
10.1007/11602897_38
PCAV: Internet Attack Visualization on Parallel Coordinates
Hyunsang Choi (2005)
VisFlowConnect-IP: An Animated Link Analysis Tool For Visualizing Netflows
Xiaoxin Yin (2005)
10.1109/COMST.2015.2450538
A Survey on Information Visualization for Network and Service Management
Vinicius Tavares Guimaraes (2016)
10.1007/1-4020-8143-X_17
Visualising Intrusions: Watching the Webserver
S. Axelsson (2004)
10.1007/0-387-27636-X
Understanding Intrusion Detection Through Visualization
S. Axelsson (2006)
A Survey, Taxonomy, and Analysis of Network Security Visualization Techniques
Rawiroj Robert Kasemsri (2005)
10.1145/1029208.1029224
Combining a bayesian classifier with visualisation: understanding the IDS
S. Axelsson (2004)