
Network Security Surveillance Aid Using Intelligent Visualization for Knowledge Extraction and Decision Making

Chapter in: Intelligent Scene Modelling Information Systems

Part of the book series: Studies in Computational Intelligence (SCI, volume 181)

Abstract

Web sites are likely to be regularly scanned and attacked by both automated and manual means. Intrusion Detection Systems (IDS) assist security analysts by automatically identifying potential attacks from network activity and producing alerts that describe the details of these intrusions. However, IDS have problems, such as false positives, operational issues in high-speed environments and the difficulty of detecting unknown threats. Much intrusion detection research has focused on improving the accuracy and operation of IDSs, but surprisingly little research has addressed support for the security analyst's own intrusion detection tasks. Security analysts now face an increasing workload as their networks expand and attacks become more frequent. In this chapter we describe a surveillance prototype system, still under development, which offers a visual aid to the web security analyst through the monitoring and exploration of 3D graphs. The system provides visual surveillance of the network activity on a web server, covering both normal and anomalous or malicious activity. Colours on the 3D graphics indicate different categories of web attacks, and the analyst can navigate into the underlying web requests of either normal or malicious traffic. The combination of interactive visualization and machine intelligence facilitates the detection of flaws and intrusions in network security and the discovery of unknown threats, and supports analytical reasoning and the decision-making process.
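As an added illustration, not code from the chapter or its prototype, the following Python script performs the classification-to-colour step the abstract describes on a few constructed web-server log lines: each request is tagged with an attack category, and the client-to-request graph is emitted as GraphViz DOT with one colour per category, a 2D stand-in for the chapter's 3D graphs. The log format, the signature patterns, the category names and the colours are all my assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not taken from the chapter).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2008:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
10.0.0.7 - - [10/Oct/2008:13:55:40 +0000] "GET /login?user=admin%27%20OR%201%3D1-- HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2008:13:56:01 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 88
10.0.0.5 - - [10/Oct/2008:13:56:10 +0000] "GET /images/../../etc/passwd HTTP/1.1" 404 0
"""

# Common-log-format style line: client, method, path and status are what we need.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Assumed signatures: (category, pattern applied to the URL-decoded path, graph colour).
# Deliberately simple; real signature sets are larger and still produce false positives.
CATEGORIES = [
    ("sqli", re.compile(r"'\s*(or|and|union)\b", re.I), "red"),
    ("xss", re.compile(r"<\s*script", re.I), "orange"),
    ("traversal", re.compile(r"\.\./"), "purple"),
]

def classify(path):
    """Return (category, colour) for one request path; 'normal' when nothing matches."""
    decoded = unquote(path)  # decode %xx so encoded payloads are inspected in clear
    for name, pattern, colour in CATEGORIES:
        if pattern.search(decoded):
            return name, colour
    return "normal", "green"

def parse_log(text):
    """Parse log lines into event dicts, each tagged with its category and colour."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            cat, colour = classify(m["path"])
            events.append({"ip": m["ip"], "path": m["path"], "status": m["status"],
                           "category": cat, "colour": colour})
    return events

def summarise(events):
    """Count events per category, the figure an analyst would check first."""
    counts = {}
    for e in events:
        counts[e["category"]] = counts.get(e["category"], 0) + 1
    return counts

def to_dot(events):
    """Emit a DOT graph: client -> request edges, coloured by attack category."""
    out = ["digraph web_traffic {", "  node [shape=box];"]
    seen = set()
    for e in events:
        src, dst = '"%s"' % e["ip"], '"%s"' % e["path"]
        if dst not in seen:  # one node per distinct request, labelled with its category
            out.append('  %s [color=%s, label="%s\\n%s"];' % (dst, e["colour"], e["path"], e["category"]))
            seen.add(dst)
        out.append('  %s -> %s [color=%s, tooltip="HTTP %s"];' % (src, dst, e["colour"], e["status"]))
    out.append("}")
    return "\n".join(out)

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(summarise(evs))
    print(to_dot(evs))  # pipe into `dot -Tsvg` to render the coloured graph
```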





Copyright information

© 2009 Springer-Verlag Berlin Heidelberg


Cite this chapter

Xydas, I. (2009). Network Security Surveillance Aid Using Intelligent Visualization for Knowledge Extraction and Decision Making. In: Miaoulis, G., Plemenos, D. (eds) Intelligent Scene Modelling Information Systems. Studies in Computational Intelligence, vol 181. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92902-4_7


  • DOI: https://doi.org/10.1007/978-3-540-92902-4_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-92901-7

  • Online ISBN: 978-3-540-92902-4
