Network security surveillance aid using intelligent visualization for knowledge extraction and decision making

Abstract

Web sites are likely to be regularly scanned and attacked by both automated and manual means. Intrusion Detection Systems (IDS) assist security analysts by automatically identifying potential attacks from network activity and produce alerts describing the details of these intrusions. However, IDS have problems, such as false positives, operational issues in high-speed environments and the difficulty of detecting unknown threats. Much of ID research has focused on improving the accuracy and operation of IDSs but surprisingly there has been very little research into supporting the security analysts' intrusion detection tasks. Lately, security analysts face an increasing workload as their networks expand and attacks become more frequent. In this chapter we describe an ongoing surveillance prototype system which offers a visual aid to the web security analyst by monitoring and exploring 3D graphs. The system offers a visual surveillance of the network activity on a web server for both normal and anomalous or malicious activity. Colours are used on the 3D graphics to indicate different categories of web attacks and the analyst has the ability to navigate into the web requests, of either normal or malicious traffic. The combination of interactive visualization and machine Intelligence facilitates the detection of flaws and intrusions in network security, the discovery of unknown threats and helps the analytical reasoning and the decision making process. © 2009 Springer-Verlag Berlin Heidelberg.