Academic Journals Database
Disseminating quality controlled scientific knowledge

Network Intrusion Detection and Visualization Using Aggregations in a Cyber Security Data Warehouse

Author(s): Bogdan Denny Czejdo | Erik M. Ferragut | John R. Goodall | Jason Laska

Journal: International Journal of Communications, Network and System Sciences
ISSN 1913-3715

Volume: 05
Issue: 09
Start page: 593
Date: 2012

Keywords: Cyber Security | Network Intrusion | Anomaly Detection | Data Warehouses | Aggregation | Personalization | Situational Understanding

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.