CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

Visualising Intrusions: Watching the Webserver

Stefan Axelsson (Institutionen för datavetenskap, ProSec)
proceedings of the 19th IFIP International Information Security Conference (SEC2004) (2004)
[Konferensbidrag, refereegranskat]

Despite several years of intensive study, intrusion detection systems still suffer from a key deficiency: A high rate of false alarms. To counteract this, this paper proposes to visualise the state of the computer system such that the operator can determine whether a violation has taken place. To this end a very simple anomaly detection inspired log reduction scheme is combined with graph visualisation, and applied to the log of a webserver with the intent of detecting patterns of benign and malicious (or suspicious) accesses. The combination proved to be effective. The visualisation of the output of the anomaly detection system counteracted its high rate of false alarms, while the anomaly based log reduction helped reduce the log data to manageable proportions. The visualisation was more successful in helping identifying benign accesses than malicious accesses. All the types of malicious accesses present in the log data were found.

Nyckelord: Visualisation, Intrusion detection, Computer Security



Denna post skapades 2006-09-28. Senast ändrad 2013-08-12.
CPL Pubid: 2261

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)


Institutioner (Chalmers)

Institutionen för datavetenskap, ProSec (2002-2004)

Ämnesområden

Information Technology

Chalmers infrastruktur