6. Conclusions
We have developed a Markovian detector with chi-square testing. A method for visualizing the learned features of the detector was devised. As this display was too detailed to be useful in and of itself, a method to visually abstract the features, in two steps, to give the user more of an overview of the data was developed.
The resulting prototype, Chi2vis, was put to the test on two data sets: a more extensive one comprising one month's worth of web server logs from a fairly large web server, and a smaller one with publicly available system call trace data. The experiment demonstrated the ability of the detector to detect novel intrusions (i.e. variants of previously seen attempts), and the visualization proved helpful in letting the user differentiate between true and false alarms. The interactive feedback also made it possible for the user to retrain the detector until it performed as wanted.
© 2006 Springer Science+Business Media, Inc.
Cite this chapter
(2006). Visualizing the Inner Workings of a Self Learning Classifier: Improving the Usability of Intrusion Detection Systems. In: Understanding Intrusion Detection Through Visualization. Advances in Information Security, vol 24. Springer, Boston, MA. https://doi.org/10.1007/0-387-27636-X_6
DOI: https://doi.org/10.1007/0-387-27636-X_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-27634-2
Online ISBN: 978-0-387-27636-6
eBook Packages: Computer Science, Computer Science (R0)