Case Study: Visualization and Information Retrieval Techniques for Network Intrusion Detection
We describe our efforts to analyze network intrusion detection data using information retrieval and visualization tools. By regarding Telnet sessions as documents, which may or may not include attacks, a session that contains a certain type of attack can be used as a query, allowing us to search the data for other instances of that same type of attack. The use of information visualization techniques allows us to quickly and clearly find the attacks and also find similar, potentially new types of attacks.
Keywords: Information Retrieval, Intrusion Detection, Information Visualization, Network Attack, Information Retrieval Technique
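The query-by-session idea in the abstract, as an added example that is not code from the paper: each Telnet session transcript is treated as a document, represented as a bag of character n-grams weighted by tf-idf (an assumed representation; this page does not say which text model the authors used), and a session known to contain an attack is used as the query, ranking the remaining sessions by cosine similarity so an analyst can pull out other instances of the same pattern. The transcripts below are constructed samples, not captured traffic.

```python
import math
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample Telnet session transcripts (not real captures).
# s2 is a session showing repeated failed logins; s3 shows the same
# pattern against a different account; s1 and s4 are ordinary sessions.
SESSIONS: Dict[str, str] = {
    "s1": "login: alice\r\nPassword:\r\n$ ls -la\r\n$ cat report.txt\r\n$ exit\r\n",
    "s2": ("login: root\r\nPassword:\r\nLogin incorrect\r\n" * 3
           + "login: root\r\nPassword:\r\n# id\r\n# exit\r\n"),
    "s3": ("login: admin\r\nPassword:\r\nLogin incorrect\r\n" * 4
           + "Connection closed by foreign host.\r\n"),
    "s4": "login: dave\r\nPassword:\r\n$ mail\r\n$ vi notes\r\n$ logout\r\n",
}


def ngrams(text: str, n: int = 3) -> Counter:
    """Character n-gram term frequencies of one session transcript."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))


def build_index(sessions: Dict[str, str], n: int = 3) -> Dict[str, Dict[str, float]]:
    """Map each session id to a tf-idf weighted n-gram vector.

    idf down-weights n-grams that occur in nearly every session (the
    'login:' / 'Password:' banner text) so that the shared material
    between two attack sessions dominates the similarity score.
    """
    docs = {sid: ngrams(text, n) for sid, text in sessions.items()}
    df: Counter = Counter()
    for vec in docs.values():
        df.update(vec.keys())          # one count per document per n-gram
    num_docs = len(docs)
    idf = {g: math.log(1.0 + num_docs / d) for g, d in df.items()}
    return {sid: {g: tf * idf[g] for g, tf in vec.items()} for sid, vec in docs.items()}


def cosine(a: Dict[str, float], b: Dict[str, float]) -> float:
    """Cosine similarity between two sparse weighted vectors."""
    dot = sum(w * b.get(g, 0.0) for g, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def query_by_session(index: Dict[str, Dict[str, float]], query_id: str) -> List[Tuple[str, float]]:
    """Use one session as the query; rank all other sessions by similarity."""
    query_vec = index[query_id]
    ranked = [(sid, cosine(query_vec, vec)) for sid, vec in index.items() if sid != query_id]
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked


if __name__ == "__main__":
    index = build_index(SESSIONS)
    # Analyst has flagged s2 as a password-guessing session; find look-alikes.
    for sid, score in query_by_session(index, "s2"):
        print(f"{sid}: {score:.3f}")
```

The ranked list is what a visualization front end would plot: sessions close to the query cluster near it, and a session that scores moderately high without sharing the known attack's exact text is the "similar, potentially new" case the abstract mentions, worth an analyst's look.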