Abstract
Web sites are regularly scanned and attacked by both automated and manual means. Intrusion Detection Systems (IDS) assist security analysts by automatically identifying potential attacks in network activity and producing alerts that describe the details of these intrusions. However, IDS have well-known problems: false positives, operational difficulties in high-speed environments, and weakness at detecting unknown threats. Much intrusion detection research has focused on improving the accuracy and operation of IDS, but surprisingly little has addressed the analysts' own intrusion detection tasks, even as analysts face a growing workload from expanding networks and more frequent attacks. In this chapter we describe an ongoing surveillance prototype that offers a visual aid to the web security analyst through the monitoring and exploration of 3D graphs. The system provides visual surveillance of the network activity on a web server, covering normal as well as anomalous or malicious activity. Colours on the 3D graphics indicate different categories of web attacks, and the analyst can navigate into the individual web requests behind either normal or malicious traffic. The combination of interactive visualization and machine intelligence facilitates the detection of flaws and intrusions in network security and the discovery of unknown threats, and supports the analyst's reasoning and decision making.
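The abstract describes colouring web requests by attack category on a graph the analyst can drill into. As an added illustration, not the chapter's prototype or the author's code, the Python below reads constructed combined-format access log lines, assigns each request to one of a few hypothetical signature categories (normal, sqli, xss, traversal, scanner), and emits a GraphViz DOT description in which client and URL nodes carry the colour of their category. The signatures, colour scheme, category ranking and sample log lines are all assumptions made for this example.

```python
"""Colour-coded request graph from web server access logs.

Added illustration (not the chapter's own system): parse combined-format
access log lines, label each request with a hypothetical attack category,
and render a GraphViz DOT graph whose nodes and edges are coloured per
category.  Signatures, colours and sample lines are assumptions.
"""
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Hypothetical signatures, checked in this order against the URL-decoded,
# lower-cased path so that %27 or %3C do not slip past the check.
SIGNATURES = [
    ("sqli", re.compile(r"(union\s+select|'\s*or\s+'?1'?\s*=\s*'?1|;\s*drop\s+table)")),
    ("xss", re.compile(r"(<script|javascript:|onerror\s*=)")),
    ("traversal", re.compile(r"(\.\./|\.\.\\|/etc/passwd|\\windows\\)")),
    ("scanner", re.compile(r"(/phpmyadmin|/wp-login\.php|\.env$|/cgi-bin/)")),
]

# One colour per category (assumed scheme), severity rank used to colour a client
# by the worst thing it did.
COLOURS = {"normal": "palegreen", "scanner": "gold", "traversal": "purple",
           "xss": "orange", "sqli": "red"}
RANK = {cat: i for i, cat in enumerate(COLOURS)}   # normal=0 ... sqli=4


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path):
    """Return the first matching category for a request path, or 'normal'."""
    decoded = unquote(unquote(path)).lower()   # two passes also catch double encoding
    for category, pattern in SIGNATURES:
        if pattern.search(decoded):
            return category
    return "normal"


def build_graph(lines):
    """Turn log lines into (client, path, category) edges plus each client's worst category."""
    edges = []
    client_category = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # unparseable line: skip rather than crash the feed
            continue
        cat = classify(rec["path"])
        edges.append((rec["host"], rec["path"], cat))
        prev = client_category.get(rec["host"], "normal")
        if RANK[cat] >= RANK[prev]:
            client_category[rec["host"]] = cat
    return edges, client_category


def to_dot(edges, client_category):
    """Render the request graph as GraphViz DOT, coloured per category."""
    out = ["digraph web {", "  rankdir=LR;"]
    for host, cat in sorted(client_category.items()):
        out.append(f'  "{host}" [shape=box, style=filled, fillcolor={COLOURS[cat]}];')
    seen = set()
    for host, path, cat in edges:
        safe = path.replace('"', '\\"')
        if path not in seen:
            out.append(f'  "{safe}" [style=filled, fillcolor={COLOURS[cat]}];')
            seen.add(path)
        out.append(f'  "{host}" -> "{safe}" [color={COLOURS[cat]}, label="{cat}"];')
    out.append("}")
    return "\n".join(out)


# Constructed sample lines (not real traffic); the last one is deliberately malformed.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2008:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Mar/2008:13:55:40 +0000] "GET /products?id=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.168.1.9 - - [10/Mar/2008:13:56:01 +0000] "GET /products?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 500 0 "-" "sqlmap/0.6"',
    '192.168.1.9 - - [10/Mar/2008:13:56:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 514 "-" "curl/7.18"',
    '172.16.4.2 - - [10/Mar/2008:13:57:12 +0000] "GET /../../etc/passwd HTTP/1.1" 404 233 "-" "Nikto/2.0"',
    '172.16.4.2 - - [10/Mar/2008:13:57:13 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 233 "-" "Nikto/2.0"',
    "garbage line that should be skipped",
]

if __name__ == "__main__":
    e, c = build_graph(SAMPLE_LOG)
    print(to_dot(e, c))      # pipe into `dot -Tsvg` to view
```

Signature matching of this kind only covers the known attack classes the abstract mentions; it does not reproduce the anomaly-detection side (the "unknown threats" the chapter attributes to machine intelligence), and a real deployment would also normalise Unicode and path segments before matching.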
© 2009 Springer-Verlag Berlin Heidelberg
Xydas, I. (2009). Network Security Surveillance Aid Using Intelligent Visualization for Knowledge Extraction and Decision Making. In: Miaoulis, G., Plemenos, D. (eds) Intelligent Scene Modelling Information Systems. Studies in Computational Intelligence, vol 181. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92902-4_7
DOI: https://doi.org/10.1007/978-3-540-92902-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-92901-7
Online ISBN: 978-3-540-92902-4