Efficient Presentation of Multivariate Audit Data for Intrusion Detection of Web-Based Internet Services
This paper presents an efficient implementation technique for presenting the multivariate audit data needed by statistics-based intrusion detection systems. Multivariate data analysis is an important tool in statistical intrusion detection systems. Typically, multivariate statistical intrusion detection systems require visualization of the multivariate audit data to facilitate close inspection by security administrators during profile creation and intrusion alerts. However, when these intrusion detection schemes are applied to web-based Internet applications, the space complexity of the visualization process is usually prohibitive due to the large number of resources managed by the web server. For the approach to be adopted effectively in practice, this paper presents an efficient technique that allows manipulation and visualization of a large amount of multivariate data. Experimental results show that our technique greatly reduces the space requirement of the visualization process, thus allowing the approach to be adopted for monitoring web-based Internet applications.
Keywords: Network security, Intrusion detection, Multivariate data analysis, Data visualization