SVision: A novel visual network-anomaly identification technique
Published in: | Computers & security 2007-05, Vol.26 (3), p.201-212 |
---|---|
Main authors: | , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Abstract: | We propose a novel graphical technique (SVision) for intrusion detection, which pictures the network as a community of hosts independently roaming in a 3D space defined by the set of services that they use. The aim of SVision is to graphically cluster the hosts into normal and abnormal ones, highlighting only the ones that are considered as a threat to the network. Our experimental results conducted on DARPA 1999 and 2000 intrusion detection and evaluation datasets as well as real network data captured between 2003 and 2005 from the University of New Brunswick main link, and also a private network, show the proposed technique as a good candidate for the detection of various network threats such as vertical and horizontal scanning attacks, Denial of Service (DoS) attacks, Distributed DoS (DDoS) attacks, as well as worm propagation attacks. Finally, the visualization technique proves to cope with a high number of hosts in the network, with the experimental results using network data of up to 1,000,000 distinct IPs per time interval. |
---|---|
ISSN: | 0167-4048 1872-6208 |
DOI: | 10.1016/j.cose.2006.10.001 |