Network Security Surveillance Aid Using Intelligent Visualization for Knowledge Extraction and Decision Making

  • Ioannis Xydas

Abstract

Web sites are routinely scanned and attacked by both automated and manual means. Intrusion Detection Systems (IDS) assist security analysts by automatically identifying potential attacks in network activity and producing alerts that describe the details of these intrusions. IDS have well-known problems, however: false positives, operational difficulties in high-speed environments and the difficulty of detecting unknown threats. Much intrusion detection research has focused on improving the accuracy and operation of IDS, but surprisingly little has addressed supporting the security analyst's intrusion detection tasks. Meanwhile, security analysts face an increasing workload as their networks expand and attacks become more frequent. In this chapter we describe an ongoing surveillance prototype that offers a visual aid to the web security analyst through the monitoring and exploration of 3D graphs. The system provides visual surveillance of the network activity on a web server, covering both normal and anomalous or malicious activity. Colours on the 3D graphics indicate different categories of web attacks, and the analyst can navigate into the individual web requests of either normal or malicious traffic. The combination of interactive visualization and machine intelligence facilitates the detection of flaws and intrusions in network security and the discovery of unknown threats, and supports analytical reasoning and decision making.
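The colour-coded categorisation of web requests that the abstract describes, as an added example that is not the chapter's prototype (which uses an evolutionary neural network for the classification): a rule-based stand-in that parses web server access-log lines, labels each request, and emits a Graphviz DOT graph in which request nodes are filled with the colour of their category, so an analyst can spot anomalous clusters and drill into individual requests. The signatures, category colours, and sample log lines are constructed for illustration, and Graphviz is assumed as the renderer.

```python
"""Colour-coded categorisation of web requests for graph-based surveillance.

Added example, not the chapter's prototype: simple signature rules stand in
for its evolutionary neural-network classifier, and the output is a Graphviz
DOT graph (Graphviz assumed as the renderer) with request nodes coloured by
attack category.
"""
import re
from collections import Counter, namedtuple
from urllib.parse import unquote

# Constructed sample lines in the Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2008:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2008:13:55:40 +0000] "GET /products.php?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2008:13:56:01 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 811 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2008:13:56:05 +0000] "GET /../../etc/passwd HTTP/1.0" 404 209 "-" "Nikto/2.0"
198.51.100.9 - - [10/Oct/2008:13:56:07 +0000] "GET /robots.txt HTTP/1.0" 200 68 "-" "Nikto/2.0"
192.0.2.44 - - [10/Oct/2008:13:57:12 +0000] "GET /about.html HTTP/1.1" 200 1402 "-" "Mozilla/5.0"
"""

# One "combined" line: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

Request = namedtuple("Request", "ip method path status ua")

# Ordered (category, colour, signatures); the first category with a hit wins.
# These signatures are illustrative, not the features learned by the chapter's network.
CATEGORIES = [
    ("sqli", "red", [r"(?i)'\s*or\s+\d+\s*=\s*\d+", r"(?i)union\s+select", r"--\s*$"]),
    ("xss", "orange", [r"(?i)<script", r"(?i)javascript:", r"(?i)\bon(error|load|mouseover)\s*="]),
    ("traversal", "purple", [r"\.\./", r"(?i)/etc/passwd", r"(?i)boot\.ini"]),
    ("scanner", "blue", [r"(?i)nikto", r"(?i)nmap", r"(?i)sqlmap"]),
]
NORMAL = ("normal", "green")
COLOURS = {name: colour for name, colour, _ in CATEGORIES}
COLOURS[NORMAL[0]] = NORMAL[1]


def parse_line(line):
    """Return a Request for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Request(m["ip"], m["method"], m["path"], int(m["status"]), m["ua"])


def classify(req):
    """Label a request. Signatures run over the percent-decoded path (so encoded
    payloads such as %27 or %3C are still caught) and over the User-Agent."""
    decoded = unquote(req.path)
    for name, _, patterns in CATEGORIES:
        for pat in patterns:
            if re.search(pat, decoded) or re.search(pat, req.ua):
                return name
    return NORMAL[0]


def summarize(log_text):
    """Count requests per category: the surveillance view's headline numbers."""
    counts = Counter()
    for line in log_text.splitlines():
        req = parse_line(line)
        if req:
            counts[classify(req)] += 1
    return dict(counts)


def build_dot(log_text):
    """Emit a DOT graph: client nodes (boxes) link to request nodes filled with
    their category colour, so clusters of red/orange/purple stand out."""
    out = ["digraph web_traffic {", "  rankdir=LR;"]
    seen_clients = set()
    for n, line in enumerate(log_text.splitlines()):
        req = parse_line(line)
        if not req:
            continue
        cat = classify(req)
        client = "c_" + req.ip.replace(".", "_")
        if client not in seen_clients:
            seen_clients.add(client)
            out.append(f'  {client} [shape=box label="{req.ip}"];')
        label = f"{req.method} {req.path[:40]}".replace('"', '\\"')
        out.append(f'  r{n} [style=filled fillcolor="{COLOURS[cat]}" label="{label}\\n{cat}"];')
        out.append(f'  {client} -> r{n} [label="{req.status}"];')
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(build_dot(SAMPLE_LOG))
```

Piping the DOT output through `dot -Tsvg` gives the flat analogue of the chapter's 3D view: each client's requests fan out as coloured nodes, and a burst of non-green nodes from one client is what an analyst would then navigate into. Matching on the decoded path matters because a scanner that percent-encodes its payload would otherwise show up green.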

Keywords

Visual Analytics, Web Visualization, Web Intrusion Detection, Evolutionary Artificial Neural Networks, Network Security Surveillance Aid

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ioannis Xydas
    1. Department of Computer Science, Technological Educational Institution of Athens, Athens, Greece
