MOVICAB-IDS: Visual Analysis of Network Traffic Data Streams for Intrusion Detection

  • Álvaro Herrero
  • Emilio Corchado
  • José Manuel Sáiz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4224)


MOVICAB-IDS enables the more interesting projections of a massive traffic data set to be analysed, thereby providing an overview of any possible anomalous situations taking place on a computer network. This IDS responds to the challenges presented by traffic volume and diversity. It is a connectionist agent-based model extended by means of a functional and mobile visualization interface. The IDS is designed to be more flexible, accessible and portable by running on a great variety of applications, including small mobile ones such as PDAs, mobile phones or embedded devices. Furthermore, its effectiveness has been demonstrated in different tests.


Keywords: Unsupervised Learning; Neural Networks; Exploratory Projection Pursuit; Multiagent Systems; Computer Network Security; Intrusion Detection





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Álvaro Herrero (1)
  • Emilio Corchado (1)
  • José Manuel Sáiz (1)
  1. Department of Civil Engineering, University of Burgos, Spain
