Fusion and Summarization of Behavior for Intrusion Detection Visualization

R.F. Erbacher and M. Garber (USA)

Keywords

Intrusion detection, information visualization, anomaly detection, behavior analysis

Abstract

Current intrusion detection techniques are plagued with false positives and false negatives. Ensuring that intrusions are not missed requires that administrators filter through enormous numbers of false positives. In this work, we are attempting to improve the administrators' ability to analyze the available data, make far more rapid assessments as to the nature of a given event or event stream, and identify anomalous activity not normally identified as such. To this end, we are exploring the roots of the identified activity, namely the underlying behavior of the users, hosts, and networks under the administrator's auspices. We present here our work related to visualization as it applies to behavior and intrusion detection. We have found that the representations can be quite effective at conveying the needed information and resolving the relationships extremely rapidly.
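The abstract frames the approach as fusing per-event alerts into summaries of the underlying behavior of hosts, so that an analyst can assess an event stream quickly rather than triaging each alert. The following is an added illustration of that general idea, not code from the paper or the authors: it fuses a constructed stream of IDS alert records into one behavior summary per source host (alert volume, distinct signatures, distinct destinations) and ranks hosts by how far their summary deviates from the group baseline. The sample alerts, host addresses, signature names and the z-score scoring rule are all assumptions made for the example.

```python
"""Fuse raw IDS alerts into per-host behavior summaries and rank the hosts
by deviation from the group baseline.  Illustrative example only; the
alert records below are constructed, not real data."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample alert stream: (timestamp, source host, signature, destination)
SAMPLE_ALERTS = [
    ("2024-01-01T10:00:01", "10.0.0.5", "ICMP PING", "10.0.1.1"),
    ("2024-01-01T10:00:09", "10.0.0.5", "ICMP PING", "10.0.1.1"),
    ("2024-01-01T10:01:02", "10.0.0.6", "ICMP PING", "10.0.1.1"),
    ("2024-01-01T10:01:30", "10.0.0.6", "ICMP PING", "10.0.1.2"),
    ("2024-01-01T10:02:11", "10.0.0.7", "ICMP PING", "10.0.1.1"),
    ("2024-01-01T10:03:00", "10.0.0.9", "SMB PROBE", "10.0.1.1"),
    ("2024-01-01T10:03:01", "10.0.0.9", "SMB PROBE", "10.0.1.2"),
    ("2024-01-01T10:03:02", "10.0.0.9", "SSH BRUTE", "10.0.1.3"),
    ("2024-01-01T10:03:03", "10.0.0.9", "HTTP DIR SCAN", "10.0.1.4"),
    ("2024-01-01T10:03:04", "10.0.0.9", "ICMP PING", "10.0.1.5"),
    ("2024-01-01T10:03:05", "10.0.0.9", "SMB PROBE", "10.0.1.6"),
]


def summarize_behavior(alerts):
    """Fuse individual alerts into one summary record per source host."""
    summary = defaultdict(
        lambda: {"alerts": 0, "signatures": set(), "destinations": set()}
    )
    for _ts, src, signature, dst in alerts:
        rec = summary[src]
        rec["alerts"] += 1
        rec["signatures"].add(signature)
        rec["destinations"].add(dst)
    return dict(summary)


def behavior_vector(rec):
    """Reduce a summary record to a numeric feature vector."""
    return (rec["alerts"], len(rec["signatures"]), len(rec["destinations"]))


def anomaly_scores(summary):
    """Score each host by the sum of absolute z-scores over its features,
    using the other hosts in the same window as the baseline (assumption:
    most hosts behave normally, so the population mean is a fair reference)."""
    vectors = {host: behavior_vector(rec) for host, rec in summary.items()}
    if not vectors:
        return {}
    dims = len(next(iter(vectors.values())))
    columns = [[v[i] for v in vectors.values()] for i in range(dims)]
    means = [mean(col) for col in columns]
    devs = [pstdev(col) for col in columns]
    scores = {}
    for host, vec in vectors.items():
        # A feature with zero spread cannot distinguish hosts; contribute 0.
        scores[host] = sum(
            abs(vec[i] - means[i]) / devs[i] if devs[i] else 0.0
            for i in range(dims)
        )
    return scores


def rank_hosts(alerts):
    """Return (host, score) pairs, most anomalous first."""
    scores = anomaly_scores(summarize_behavior(alerts))
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    summary = summarize_behavior(SAMPLE_ALERTS)
    for host, score in rank_hosts(SAMPLE_ALERTS):
        alerts, sigs, dsts = behavior_vector(summary[host])
        print(f"{host:10s} score={score:5.2f} alerts={alerts} "
              f"signatures={sigs} destinations={dsts}")
```

On the constructed stream, the three hosts that each produced one or two ping alerts collapse into low-scoring summaries, while the host that touched six destinations with four different signatures stands out at the top of the ranking; an analyst reads four summary rows instead of eleven alerts. Absolute z-scores against the same window are a deliberately simple baseline; a production version would compare each host against its own historical profile as well.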
