Skip to main content
SpringerLink
Log in

Visualization of Misuse-Based Intrusion Detection: Application to Honeynet Data

  • Conference paper
Soft Computing Models in Industrial and Environmental Applications, 6th International Conference SOCO 2011

Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 87))

Abstract

This study presents a novel soft computing system that provides network managers with a synthetic and intuitive representation of the situation of the monitored network, in order to reduce the widely known high false-positive rate associated to misuse-based Intrusion Detection Systems (IDSs). The proposed system is based on the use of different projection methods for the visual inspection of honeypot data, and may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection. Furthermore, it is intended to understand the performance of Snort (a well-known misuse-based IDS) through the visualization of attack patterns. Empirical verification and comparison of the proposed projection methods are performed in a real domain where real-life data are defined and analyzed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Myerson, J.M.: Identifying Enterprise Network Vulnerabilities. International Journal of Network Management 12(3), 135–144 (2002)

    Article  Google Scholar 

  2. Charles, K.A.: Decoy Systems: A New Player in Network Security and Computer Incident Response. International Journal of Digital Evidence 2(3) (2004)

    Google Scholar 

  3. libpcap, http://www-nrg.ee.lbl.gov/

  4. Rizza, J.M.: Computer Network Security. Springer US, Heidelberg (2005)

    Google Scholar 

  5. D’Amico, A.D., Goodall, J.R., Tesone, D.R., Kopylec, J.K.: Visual Discovery in Computer Network Defense. IEEE Computer Graphics and Applications 27(5), 20–27 (2007)

    Article  Google Scholar 

  6. Goodall, J.R., Lutters, W.G., Rheingans, P., Komlodi, A.: Focusing on Context in Network Traffic Analysis. IEEE Computer Graphics and Applications 26(2), 72–80 (2006)

    Article  Google Scholar 

  7. Itoh, T., Takakura, H., Sawada, A., Koyamada, K.: Hierarchical Visualization of Network Intrusion Detection Data. IEEE Computer Graphics and Applications 26(2), 40–47 (2006)

    Article  Google Scholar 

  8. Livnat, Y., Agutter, J., Moon, S., Erbacher, R.F., Foresti, S.: A Visualization Paradigm for Network Intrusion Detection. In: Sixth Annual IEEE SMC Information Assurance Workshop, IAW 2005(2005)

    Google Scholar 

  9. Herrero, Á., Corchado, E., Gastaldo, P., Zunino, R.: Neural Projection Techniques for the Visual Inspection of Network Traffic. Neurocomputing 72(16-18), 3649–3658 (2009)

    Article  Google Scholar 

  10. Herrero, Á., Corchado, E., Pellicer, M.A., Abraham, A.: MOVIH-IDS: A Mobile-Visualization Hybrid Intrusion Detection System. Neurocomputing 72(13-15), 2775–2784 (2009)

    Article  Google Scholar 

  11. Ahlberg, C., Shneiderman, B.: Visual Information Seeking: Tight Coupling of Dynamic Query Filters with Starfield Displays. In: Readings in Information Visualization: using Vision to Think, pp. 244–250. Morgan Kaufmann Publishers Inc., San Francisco (1999)

    Google Scholar 

  12. Goodall, J.R., Lutters, W.G., Rheingans, P., Komlodi, A.: Preserving the Big Picture: Visual Network Traffic Analysis with TNV. In: IEEE Workshop on Visualization for Computer Security (VizSEC 2005). IEEE Computer Society, Los Alamitos (2005)

    Google Scholar 

  13. Friedman, J.H., Tukey, J.W.: A Projection Pursuit Algorithm for Exploratory Data-Analysis. IEEE Transactions on Computers 23(9), 881–890 (1974)

    Article  MATH  Google Scholar 

  14. Corchado, E., MacDonald, D., Fyfe, C.: Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit. Data Mining and Knowledge Discovery 8(3), 203–225 (2004)

    Article  MathSciNet  Google Scholar 

  15. Oja, E.: A Simplified Neuron Model as a Principal Component Analyzer. Journal of Mathematical Biology 15(3), 267–273 (1982)

    Article  MathSciNet  MATH  Google Scholar 

  16. Sanger, D.: Contribution Analysis: a Technique for Assigning Responsibilities to Hidden Units in Connectionist Networks. Connection Science 1(2), 115–138 (1989)

    Article  Google Scholar 

  17. Fyfe, C.: A Neural Network for PCA and Beyond. Neural Processing Letters 6(1-2), 33–41 (1997)

    Article  MathSciNet  Google Scholar 

  18. Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. International Journal of Pattern Recognition and Artificial Intelligence 17(8), 1447–1466 (2003)

    Article  Google Scholar 

  19. Zurutuza, U., Uribeetxeberria, R., Zamboni, D.: A Data Mining Approach for Analysis of Worm Activity through Automatic Signature Generation. In: 1st ACM Workshop on AISec. ACM, New York (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Electronics and Computing Department, Mondragon University, Goiru Kalea, 2, 20500, Arrasate-Mondragon, Spain

    Urko Zurutuza & Enaitz Ezpeleta

  2. Civil Engineering Department, University of Burgos, C/ Francisco de Vitoria s/n, 09006, Burgos, Spain

    Álvaro Herrero

  3. Departamento de Informática y Automática, University of Salamanca, Plaza de la Merced s/n, 37008, Salamanca, Spain

    Emilio Corchado

Authors
  1. Urko Zurutuza
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Enaitz Ezpeleta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Álvaro Herrero
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Emilio Corchado
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Universidad de Salamanca, Plaza de la Merced S/N, 37008, Salamanca, Spain

    Emilio Corchado

  2. VŠB-TU Ostrava, 17. listopadu 15, 70833, Ostrava, Czech Republic

    Václav Snášel

  3. University of Burgos, Avenida Cantaria S/N, 09006, Burgos, Spain

    Javier Sedano

  4. Cairo University, 5 Ahmed Zewal St., Orman, Cairo, Egypt

    Aboul Ella Hassanien

  5. University of La Coruña, Avda. 19 de Febrero, S/N, A Coruña,, 15403, Ferrol, Spain

    José Luis Calvo

  6. Infobright, 47 Colborne Street, Suite 403, M5E1P8, Toronto, Ontario, Canada

    Dominik Ślȩzak

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zurutuza, U., Ezpeleta, E., Herrero, Á., Corchado, E. (2011). Visualization of Misuse-Based Intrusion Detection: Application to Honeynet Data. In: Corchado, E., Snášel, V., Sedano, J., Hassanien, A.E., Calvo, J.L., Ślȩzak, D. (eds) Soft Computing Models in Industrial and Environmental Applications, 6th International Conference SOCO 2011. Advances in Intelligent and Soft Computing, vol 87. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19644-7_59

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-19644-7_59

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19643-0

  • Online ISBN: 978-3-642-19644-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation