Computer Network User Behaviour Visualisation Using Self Organising Maps

Abstract

Computer systems are vulnerable to abuse by insiders and to penetration by outsiders. The amount of monitoring data generated in computer networks is enormous. Tools are needed to ease the work of system operators. Anomaly detection attempts to recognise abnormal behaviour to detect intrusions. A prototype Anomaly Detection System has been constructed. The system provides means for automatic anomaly detection and user behaviour visualisation. The system consists of a data gathering component, a user behaviour visualisation component, an automatic anomaly detection component and a user interface. This paper is focused on the user behaviour visualisation component. This component uses large Self Organising Maps as a basis. The construction and the usage of the component is presented. Some discussion on comments from the test usage of the Anomaly Detection System is also provided.