CPL - Chalmers Publication Library

Visualisation for intrusion detection: hooking the worm

Stefan Axelsson (Department of Computer Science)
Lecture Notes in Computer Science Proceedings - 8th European Symposium on Research in Computer Security, Gjövik, 13-15 October 2003 (0302-9743). Vol. 2808 (2003), p. 309-325.
[Conference paper, peer-reviewed]

Even though intrusion detection systems have been studied for a number of years, several problems remain, chiefly low detection rates and high false alarm rates. Instead of building automated alarms that trigger when a computer security violation takes place, we propose to visualise the state of the computer system such that the operator himself can determine whether a violation has taken place, in effect replacing the "burglar alarm" with a "security camera". In order to illustrate the use of visualisation for intrusion detection purposes, we applied a trellis plot of parallel coordinate visualisations to the log of a small personal web server. The intent was to find patterns of malicious activity from so-called worms, and to be able to distinguish between them and benign traffic. Several such patterns were found, including one that was unknown at the time to the security community at large.

This record was created 2013-02-20.
CPL Pubid: 173916



Departments (Chalmers)

Department of Computer Science (2002-2004)


Computer and Information Science