Efficient Presentation of Multivariate Audit Data for Intrusion Detection of Web-Based Internet Services

  • Zhi Guo
  • Kwok-Yan Lam
  • Siu-Leung Chung
  • Ming Gu
  • Jia-Guang Sun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2846)


This paper presents an efficient implementation technique for presenting multivariate audit data needed by statistical-based intrusion detection systems. Multivariate data analysis is an important tool in statistical intrusion detection systems. Typically, multivariate statistical intrusion detection systems require visualization of the multivariate audit data in order to facilitate close inspection by security administrators during profile creation and intrusion alerts. However, when applying these intrusion detection schemes to web-based Internet applications, the space complexity of the visualization process is usually prohibiting due to the large number of resources managed by the web server. In order for the approach to be adopted effectively in practice, this paper presents an efficient technique that allows manipulation and visualization of a large amount of multivariate data. Experimental results show that our technique greatly reduces the space requirement of the visualization process, thus allowing the approach to be adopted for monitoring web-based Internet applications.


Network security Intrusion detection Multivariate data analysis Data visualization 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Power, R.: 2002 CSI/FBI Computer Crime and Security Survey (2002), http://www.gocsi.com
  2. 2.
    Denning, D.E.: An intrusion detection model. IEEE Trans on Software Engineering SE-13, 222–232 (1987)CrossRefGoogle Scholar
  3. 3.
    Cunningham, R.K., et al.: Evaluation Intrusion Detection Systems without Attacking your Friends: The 1998 DAPRA Intrusion Detection Evaluation, Lincoln Laboratory, MIT, USA (1998)Google Scholar
  4. 4.
    Biermann, E., Cloete, E., Venter, L.M.: A Comparison of Intrusion Detection Systems. Computers & Security 20, 676–683 (2001)CrossRefGoogle Scholar
  5. 5.
    Ye, N., et al.: Multivariate Statistical Analysis of Audit Trails for Host-Based Intrusion Detection. IEEE Trans. on Computers 51(7) (2002)Google Scholar
  6. 6.
    Ye, N., et al.: Probabilistic Techniques for Intrusion Detection Based on Computer Audit Data. IEEE Transactions on Systems, Man, and Cybernetics – Part A: Systems and Humans 31(4) (2001)Google Scholar
  7. 7.
    Lam, K.-Y., Hui, L., Chung, S.-L.: Multivariate Data Analysis Software for Enhancing System Security. J. Systems Software 31, 267–275 (1995)CrossRefGoogle Scholar
  8. 8.
    De Backer, S., Naud, A., Scheunders, P.: Non-linear dimensionality reduction techniques for unsupervised feature extraction. Pattern Recognition Letters 19, 711–720 (1998)MATHCrossRefGoogle Scholar
  9. 9.
    Girardin, L., Brodbeck, D.: A visual appraoch for monitoring logs. In: Proc. of the Twelth Systems Administration Conf., p. 299. USENIX Association, Berkeley (1998)Google Scholar
  10. 10.
    Jacob, B.: Linear Algebra. Freeman, New York (1990)MATHGoogle Scholar
  11. 11.
    Golub, G.H., Yon Lean, C.F.: Matrix Computation. John Hopkins Univ Press, Baltimore (1983)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Zhi Guo
    • 1
  • Kwok-Yan Lam
    • 1
  • Siu-Leung Chung
    • 2
  • Ming Gu
    • 1
  • Jia-Guang Sun
    • 1
  1. 1.School of SoftwareTsinghua UniversityBeijingPR China
  2. 2.School of Business AdministrationThe Open University of Hong Kong 

Personalised recommendations