2011 44th Hawaii International Conference on System Sciences (2011)
Jan. 4, 2011 to Jan. 7, 2011
The alerts produced by real-time intrusion detection systems such as Snort can be difficult for security administrators to review and respond to efficiently, because of the enormous number of messages generated in a short time frame. In this research we developed a technique, the swarm-based visual data mining approach (SVDM), to help users gain insight into the alert event data of an intrusion detection system, form new hypotheses, and verify those hypotheses through interaction between the human and the system. The SVDM system can efficiently help security administrators detect anomalous behavior of malicious users in a large volume of high-dimensional, time-dependent state spaces. The visual representation output by this system exploits the human being's innate ability to recognize patterns and uses that ability to help security administrators understand the relationships between seemingly discrete security breaches.
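To make the idea of a swarm-based layout concrete, here is a small added illustration; it is not the paper's code and the paper's actual rules are not reproduced. It assumes a simple flocking model in which every alert is an agent in a 2-D plane, agents drift toward alerts with similar attributes and away from dissimilar ones, and the resulting marker positions are read back as visible groups. The Snort-like alert records, the field-matching similarity measure, and all of the movement constants are constructed assumptions.

```python
"""Toy swarm (flocking) layout of IDS alert records.

Added illustration, not the paper's algorithm. Each alert is an agent in a
2-D plane; agents move toward alerts with similar features (cohesion) and
away from unrelated ones (separation), so related events end up side by side
where a human reviewer can see them as one group.
"""
import math
import random

# Constructed sample alerts in a Snort-like shape: signature id, source,
# destination, destination port and hour of day. Alerts 0-2 look like one
# host sweeping SMB on a subnet; alerts 3-5 are a separate web-related burst.
ALERTS = [
    {"sid": 1000001, "src": "10.0.0.5", "dst": "10.0.1.20", "dport": 445, "hour": 2},
    {"sid": 1000001, "src": "10.0.0.5", "dst": "10.0.1.21", "dport": 445, "hour": 2},
    {"sid": 1000001, "src": "10.0.0.5", "dst": "10.0.1.22", "dport": 445, "hour": 2},
    {"sid": 2000010, "src": "192.168.3.9", "dst": "10.0.2.7", "dport": 80, "hour": 14},
    {"sid": 2000010, "src": "192.168.3.9", "dst": "10.0.2.7", "dport": 80, "hour": 14},
    {"sid": 2000011, "src": "192.168.3.9", "dst": "10.0.2.8", "dport": 443, "hour": 15},
]


def _prefix24(addr):
    """Drop the last octet so hosts on one /24 count as a match (assumption)."""
    return addr.rsplit(".", 1)[0]


def similarity(a, b):
    """Fraction of the five fields that agree; addresses match on /24,
    hours match when at most one hour apart. Returns a value in [0, 1]."""
    score = 0
    score += a["sid"] == b["sid"]
    score += _prefix24(a["src"]) == _prefix24(b["src"])
    score += _prefix24(a["dst"]) == _prefix24(b["dst"])
    score += a["dport"] == b["dport"]
    score += abs(a["hour"] - b["hour"]) <= 1
    return score / 5.0


def flock(alerts, steps=200, seed=7, size=100.0):
    """Run the flocking simulation and return one (x, y) position per alert."""
    rng = random.Random(seed)  # fixed seed so the layout is reproducible
    pos = [[rng.uniform(0, size), rng.uniform(0, size)] for _ in alerts]
    for _ in range(steps):
        new_pos = []
        for i, p in enumerate(pos):
            vx = vy = 0.0
            for j, q in enumerate(pos):
                if i == j:
                    continue
                dx, dy = q[0] - p[0], q[1] - p[1]
                dist = math.hypot(dx, dy) or 1e-9
                if similarity(alerts[i], alerts[j]) >= 0.5:
                    # Cohesion: close 10% of the gap, but settle ~2 units apart.
                    w = 0.1 * (dist - 2.0) / dist
                else:
                    # Separation: constant push away from unrelated alerts nearby.
                    w = -0.5 / dist if dist < 30.0 else 0.0
                vx += w * dx
                vy += w * dy
            speed = math.hypot(vx, vy)
            if speed > 3.0:  # cap per-step movement so agents do not overshoot
                vx, vy = vx * 3.0 / speed, vy * 3.0 / speed
            new_pos.append([min(max(p[0] + vx, 0.0), size),
                            min(max(p[1] + vy, 0.0), size)])
        pos = new_pos
    return pos


def visual_groups(pos, radius=5.0):
    """Read the layout back as groups: markers within `radius` of each other
    (transitively) form one visible cluster. Returns sorted index lists."""
    n = len(pos)
    seen = [False] * n
    groups = []
    for start in range(n):
        if seen[start]:
            continue
        seen[start] = True
        stack, members = [start], []
        while stack:
            i = stack.pop()
            members.append(i)
            for j in range(n):
                if not seen[j] and math.dist(pos[i], pos[j]) <= radius:
                    seen[j] = True
                    stack.append(j)
        groups.append(sorted(members))
    return groups


if __name__ == "__main__":
    layout = flock(ALERTS)
    for group in visual_groups(layout):
        print("cluster:", [ALERTS[i]["sid"] for i in group])
```

The positions returned by `flock` are what a scatter plot would draw; `visual_groups` stands in for the analyst's eye, collapsing the six raw alerts into two groups that can be reviewed as one SMB sweep and one web burst instead of six separate lines.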
data mining, real-time systems, security of data
X. Cui, J. Beaver, T. Potok and L. Yang, "Visual Mining Intrusion Behaviors by Using Swarm Technology," 2011 44th Hawaii International Conference on System Sciences (HICSS), Kauai, Hawaii, USA, 2011, pp. 1-7.