CSE CST Visualization Techniques for Intrusion Detection Steven Johnston Communications Security Establishment William Wright Oculus Info Inc. Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection June 11 – 13, 2002 Johns Hopkins University

Outline
- Intrusion detection issues
- Using visualization as a solution
- Current visualization tools developed
- Future development of visualization in intrusion detection

Intrusion Detection Issues
- Large amounts of IDS data
- Bad “signal/noise” ratio on most un-tuned IDSs
[Slide shows a raw CSV export of four consecutive IDS alarms: SNMP_Suspicious_Get (protocol 17, UDP, ports 1025 and 161), two PingFlood alarms (protocol 1, ICMP Echo Request) and HTTP_ActiveX (protocol 6, TCP, ports 80 and 1545). Each record carries some two dozen comma-separated fields: timestamp, signature name, protocol number, ports, MAC addresses, flags and an event identifier. The source and destination IP addresses are not legible in the transcript.]

Intrusion Detection Issues
- If noisy alarms are simply removed, harmful events may slip through unnoticed
- Event correlation across sources (IDS, routers, firewalls)
- Reporting incidents to senior management or other non-experts
- Advances in technology and increases in network capacity are a mixed blessing: more traffic to monitor means more alarms to sift
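The two issues on these slides, the sheer volume of raw alarms and the need to correlate them with router and firewall records instead of deleting noisy signatures, can be illustrated in code. The Python below is an added example, not the authors' tooling and not the export format shown on the slide: the alarm and firewall records are constructed, their column layouts (time, signature, proto, src_ip, src_port, dst_ip, dst_port; and time, action, proto, src_ip, dst_ip, dst_port) are assumptions, and the five-second correlation window is a chosen parameter.

```python
"""Triage of a raw IDS alarm export: signature volume, then firewall correlation.

Added example. The alarm and firewall records are constructed and their column
layout is an assumption, not the export format shown on the slide.
"""
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

# Constructed IDS alarm export; assumed columns:
# time, signature, proto (IP protocol number), src_ip, src_port, dst_ip, dst_port
IDS_CSV = """\
time,signature,proto,src_ip,src_port,dst_ip,dst_port
2002-06-11 09:00:05,SNMP_Suspicious_Get,17,10.1.1.20,1025,10.1.1.1,161
2002-06-11 09:00:10,PingFlood,1,192.0.2.7,0,10.1.1.20,0
2002-06-11 09:00:12,PingFlood,1,192.0.2.7,0,10.1.1.20,0
2002-06-11 09:00:15,PingFlood,1,192.0.2.7,0,10.1.1.21,0
2002-06-11 09:00:29,PingFlood,1,192.0.2.7,0,10.1.1.22,0
2002-06-11 09:00:31,PingFlood,1,192.0.2.7,0,10.1.1.23,0
2002-06-11 09:00:38,HTTP_ActiveX,6,198.51.100.9,80,10.1.1.20,1545
2002-06-11 09:01:02,PingFlood,1,192.0.2.7,0,10.1.1.24,0
2002-06-11 09:01:40,HTTP_Unix_Passwords,6,203.0.113.5,4012,10.1.1.30,80
2002-06-11 09:01:41,HTTP_Unix_Passwords,6,203.0.113.5,4013,10.1.1.30,80
"""

# Constructed perimeter firewall log; assumed columns:
# time, action (permit/deny), proto, src_ip, dst_ip, dst_port
FW_CSV = """\
time,action,proto,src_ip,dst_ip,dst_port
2002-06-11 09:00:09,deny,1,192.0.2.7,10.1.1.20,0
2002-06-11 09:00:14,deny,1,192.0.2.7,10.1.1.21,0
2002-06-11 09:00:28,deny,1,192.0.2.7,10.1.1.22,0
2002-06-11 09:00:30,deny,1,192.0.2.7,10.1.1.23,0
2002-06-11 09:00:37,permit,6,10.1.1.20,198.51.100.9,80
2002-06-11 09:01:39,permit,6,203.0.113.5,10.1.1.30,80
"""


def parse(text):
    """Read a CSV export into dicts, converting the timestamp column."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
    return rows


def signature_volume(alarms):
    """(signature, count, share of all alarms), noisiest first: the raw
    signal/noise picture an analyst faces before any tuning."""
    counts = Counter(a["signature"] for a in alarms)
    total = sum(counts.values())
    return [(sig, n, n / total) for sig, n in counts.most_common()]


def correlate(alarms, firewall, window=timedelta(seconds=5)):
    """Attach the nearest firewall decision (same protocol, same pair of
    endpoints in either direction, within +/- window) to each alarm.

    Rather than deleting a noisy signature outright, each alarm is graded:
    'low' if the firewall blocked the traffic, 'high' if it was permitted
    (the attack reached its target), 'review' if there is no firewall
    record at all, so nothing is silently discarded."""
    graded = []
    for a in alarms:
        pair = frozenset((a["src_ip"], a["dst_ip"]))
        best = None  # (time distance, action) of the closest matching record
        for f in firewall:
            if f["proto"] != a["proto"] or frozenset((f["src_ip"], f["dst_ip"])) != pair:
                continue
            distance = abs(f["time"] - a["time"])
            if distance <= window and (best is None or distance < best[0]):
                best = (distance, f["action"])
        if best is None:
            priority = "review"
        elif best[1] == "permit":
            priority = "high"
        else:
            priority = "low"
        graded.append({**a, "fw_action": best[1] if best else None, "priority": priority})
    return graded


def priority_summary(graded):
    """Count alarms per (signature, priority) for a one-screen triage view."""
    return Counter((g["signature"], g["priority"]) for g in graded)


if __name__ == "__main__":
    alarms, firewall = parse(IDS_CSV), parse(FW_CSV)
    for sig, n, share in signature_volume(alarms):
        print(f"{sig:<22} {n:>3} {share:6.1%}")
    print()
    for (sig, prio), n in sorted(priority_summary(correlate(alarms, firewall)).items()):
        print(f"{sig:<22} {prio:<7} {n}")
```

On this constructed data PingFlood is 60% of all alarms, but five of the six were dropped at the firewall and one has no firewall record; the two HTTP_Unix_Passwords alarms, a small fraction of the volume, were permitted through and rise to the top. Dropping the PingFlood signature wholesale would have hidden the unexplained sixth ping.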

Visualization as a Solution
- Allows people to see and comprehend large amounts of complex data in a short period of time
- Helps the analyst identify significant incidents and reduces the time wasted on false positives
- Facilitates explanation of incidents to a broader, non-expert audience
- Cues the analyst through the use of colour, shape, patterns or motion

Visualization Tool Development
- Two graphical applications have been developed for evaluation:
  - Intrusion Detection Analyst Workbench
  - Animated Incident Explanation Engine
- Both display data visually, but currently serve two distinct audiences (analysts and non-experts)

Intrusion Detection Analyst Workbench
- More than two million events can be displayed and analyzed in multiple concurrent dynamic charts
- The charts are linked: selecting something in one chart highlights the relevant details in all the others

Intrusion Detection Analyst Workbench
- Assists in isolating, investigating and prioritizing events
- Evaluated side-by-side with traditional methods and proved significantly faster and easier
- Runs on the commercial off-the-shelf Advizor™ product

Intrusion Detection Analyst Workbench - Demo
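The linked charts are the heart of the Workbench: one selection (a "brush") made in any chart is applied to every other chart, so the analyst sees where the selected events fall by source, by target and over time without re-querying. The Python below is an added example of that brushing-and-linking mechanism on a constructed alarm table; it is not the Workbench's code and does not use Advizor. The four chart dimensions, the field names and the ASCII rendering are assumptions.

```python
"""Brushing and linking across several charts of one alarm table.

Added example of the linked-chart mechanism; not the Workbench's code and
not built on Advizor. The alarm records are constructed.
"""
from collections import defaultdict

# Constructed alarm table: time, signature, source, target.
_ROWS = [
    ("2002-06-11 09:00:05", "SNMP_Suspicious_Get", "10.1.1.20", "10.1.1.1"),
    ("2002-06-11 09:00:10", "PingFlood", "192.0.2.7", "10.1.1.20"),
    ("2002-06-11 09:00:15", "PingFlood", "192.0.2.7", "10.1.1.21"),
    ("2002-06-11 09:00:29", "PingFlood", "192.0.2.7", "10.1.1.22"),
    ("2002-06-11 09:00:38", "HTTP_ActiveX", "198.51.100.9", "10.1.1.20"),
    ("2002-06-11 09:01:02", "PingFlood", "192.0.2.7", "10.1.1.23"),
    ("2002-06-11 09:01:06", "PingFlood", "192.0.2.7", "10.1.1.24"),
    ("2002-06-11 09:01:40", "HTTP_Unix_Passwords", "203.0.113.5", "10.1.1.30"),
    ("2002-06-11 09:02:03", "HTTP_Unix_Passwords", "203.0.113.5", "10.1.1.30"),
    ("2002-06-11 09:02:11", "PingFlood", "203.0.113.5", "10.1.1.30"),
]
ALARMS = [dict(zip(("time", "signature", "src_ip", "dst_ip"), r)) for r in _ROWS]

# Every chart bins the same records along one dimension (assumed set).
DIMENSIONS = {
    "signature": lambda a: a["signature"],
    "source": lambda a: a["src_ip"],
    "target": lambda a: a["dst_ip"],
    "minute": lambda a: a["time"][:16],  # YYYY-MM-DD HH:MM
}


def select(dim, value):
    """A brush: the analyst clicked bin `value` in the `dim` chart."""
    return lambda a: DIMENSIONS[dim](a) == value


def both(p, q):
    """Refine a brush by intersecting two selections."""
    return lambda a: p(a) and q(a)


def chart(alarms, dim, brush=None):
    """Bin alarms along `dim`; each bin is (total, highlighted) so the whole
    distribution stays visible with the brushed subset drawn on top."""
    bins = defaultdict(lambda: [0, 0])
    for a in alarms:
        b = bins[DIMENSIONS[dim](a)]
        b[0] += 1
        if brush is not None and brush(a):
            b[1] += 1
    return {k: tuple(v) for k, v in bins.items()}


def linked_view(alarms, brush):
    """Apply one brush to every chart at once: this is the linking."""
    return {dim: chart(alarms, dim, brush) for dim in DIMENSIONS}


def render(title, bins, width=20):
    """ASCII bars: '#' for highlighted records, '.' for the rest of the bin."""
    lines = [title]
    peak = max(total for total, _ in bins.values())
    for label, (total, hi) in sorted(bins.items(), key=lambda kv: -kv[1][0]):
        full = round(total * width / peak)
        lit = round(hi * width / peak)
        lines.append(f"  {label:<22} {'#' * lit}{'.' * (full - lit)} {hi}/{total}")
    return "\n".join(lines)


if __name__ == "__main__":
    brush = select("signature", "PingFlood")
    for dim, bins in linked_view(ALARMS, brush).items():
        print(render(dim, bins))
        print()
    refined = both(brush, select("source", "203.0.113.5"))
    print(render("target (PingFlood from 203.0.113.5)", linked_view(ALARMS, refined)["target"]))
```

Clicking the PingFlood bar shows at once that five of the six floods come from one source in the first two minutes, while the sixth comes from the host that is also probing passwords on 10.1.1.30; refining the brush to that source isolates the three events against that target. A real workbench draws these as coloured bars rather than '#' characters, but the data flow is the same.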

Animated Incident Explanation Engine
- Designed to show the significance and nature of the events without overwhelming the viewer
- Makes it easy to see who did what to whom, and when
- Excellent for explaining concepts to non-experts

Animated Incident Explanation Engine - Demo

Future Developments
- Expansion and integration of the two current tools
- Anomaly detection using network traffic data fused with IDS alarms
- Integrated time-based comparisons
- Overlaying analytical methods and their results on the visualizations
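The anomaly-detection direction proposed above, traffic measurements compared against each host's own history and then fused with the IDS alarms raised against the same host, can be sketched as follows. This Python is an added example, not CSE's implementation or a description of what they built: the per-host hourly byte counts, the alarm counts and the 3.5 robust z-score threshold are all constructed or assumed.

```python
"""Traffic anomaly detection fused with IDS alarms, ranked per host.

Added example of the direction the slide proposes, not CSE's implementation.
All byte counts, alarm counts and the threshold are constructed or assumed.
"""
import statistics

# Constructed baseline: bytes sent by each internal host in each of the
# previous eight hours (oldest first), and the bytes sent in the current hour.
BASELINE = {
    "10.1.1.20": [1200, 1100, 1300, 1250, 1150, 1180, 1220, 1210],
    "10.1.1.30": [50000, 52000, 48000, 51000, 49500, 50500, 51500, 49000],
    "10.1.1.40": [300, 320, 280, 310, 290, 305, 295, 300],
    "10.1.1.50": [100] * 8,  # perfectly flat history
}
CURRENT = {"10.1.1.20": 1240, "10.1.1.30": 51000, "10.1.1.40": 9000, "10.1.1.50": 100}

# Constructed: IDS alarms raised against each host during the current hour.
ALARMS_NOW = {"10.1.1.20": 1, "10.1.1.40": 3}


def robust_z(value, history):
    """Deviation of `value` from the host's own history, in units of the
    median absolute deviation scaled to be comparable with a standard
    deviation for normal data. Median and MAD are used instead of mean and
    stddev so that one earlier spike does not inflate the baseline and mask
    the next one."""
    med = statistics.median(history)
    mad = statistics.median([abs(x - med) for x in history])
    scale = 1.4826 * mad if mad else 1.0  # flat history: measure change in raw units
    return (value - med) / scale


def fuse(current, baseline, alarms, threshold=3.5):
    """Grade every host on two independent signals, traffic anomaly and IDS
    alarms, and rank so that hosts showing both come first.
    Returns (host, level, z, alarm_count) tuples, highest priority first."""
    graded = []
    for host, value in current.items():
        z = robust_z(value, baseline[host])
        n_alarms = alarms.get(host, 0)
        anomalous = abs(z) > threshold
        if anomalous and n_alarms:
            level = "critical"
        elif anomalous:
            level = "anomaly-only"
        elif n_alarms:
            level = "alarm-only"
        else:
            level = "normal"
        graded.append((host, level, round(z, 2), n_alarms))
    rank = {"critical": 0, "anomaly-only": 1, "alarm-only": 2, "normal": 3}
    graded.sort(key=lambda g: (rank[g[1]], -abs(g[2]), -g[3]))
    return graded


if __name__ == "__main__":
    for host, level, z, n in fuse(CURRENT, BASELINE, ALARMS_NOW):
        print(f"{host:<10} {level:<13} z={z:>8.2f} alarms={n}")
```

Here 10.1.1.40 sends thirty times its usual volume in the hour the IDS also fires three alarms against it, so it ranks as critical; 10.1.1.20 has an alarm but normal traffic and ranks below it; the two quiet hosts, including the one with a flat history that would divide by zero under a naive scale, rank last. Both signals are kept in the output so the visualization can overlay them rather than show a single merged score.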

Conclusions
- Visualization has proved to be an effective analyst’s tool
- Complex information is easily understood by non-experts
- More development and research are needed

Questions? To contact us: Steven Johnston, Communications Security Establishment: William Wright, Oculus Info Inc.: