TY - GEN
T1 - Visualization of security events using an efficient correlation technique
AU - Wu, Qishi
AU - Ferebee, Denise
AU - Lin, Yunyue
AU - Dasgupta, Dipankar
PY - 2009
Y1 - 2009
N2 - The timely and reliable data transfer required by many networked applications necessitates the development of comprehensive security solutions to monitor and protect against an increasing number of malicious attacks. However, providing complete cyber space situation awareness is extremely challenging because of the lack of effective translation mechanisms from low-level situation information to high-level human cognition for decision making and action support. We propose an adaptive cyber security monitoring system that integrates a number of component techniques to collect time-series situation information, perform intrusion detection, keep track of event evolution, characterize and identify security events, and present a visual representation in order to provide a comprehensive situational view so that corresponding defense actions can be taken in a timely and effective manner. We explore the principles of designing and applying appropriate visualization techniques for situation monitoring by defining graphical representations of security events. This differs from the traditional rule-based pattern matching techniques in that security events in the proposed system are represented as forms of correlation networks using random matrix theory and identified through the computation of a network similarity measurement. The events and corresponding event types are visualized using a stemplot to show location and quantity. Extensive simulation results on event identification illustrate the efficacy of the proposed system.
AB - The timely and reliable data transfer required by many networked applications necessitates the development of comprehensive security solutions to monitor and protect against an increasing number of malicious attacks. However, providing complete cyber space situation awareness is extremely challenging because of the lack of effective translation mechanisms from low-level situation information to high-level human cognition for decision making and action support. We propose an adaptive cyber security monitoring system that integrates a number of component techniques to collect time-series situation information, perform intrusion detection, keep track of event evolution, characterize and identify security events, and present a visual representation in order to provide a comprehensive situational view so that corresponding defense actions can be taken in a timely and effective manner. We explore the principles of designing and applying appropriate visualization techniques for situation monitoring by defining graphical representations of security events. This differs from the traditional rule-based pattern matching techniques in that security events in the proposed system are represented as forms of correlation networks using random matrix theory and identified through the computation of a network similarity measurement. The events and corresponding event types are visualized using a stemplot to show location and quantity. Extensive simulation results on event identification illustrate the efficacy of the proposed system.
KW - Cyber security
KW - Event correlation
KW - Information visualization
KW - Random matrix theory
KW - Visual analysis
UR - http://www.scopus.com/inward/record.url?scp=67650456865&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67650456865&partnerID=8YFLogxK
U2 - 10.1109/CICYBS.2009.4925091
DO - 10.1109/CICYBS.2009.4925091
M3 - Conference contribution
AN - SCOPUS:67650456865
SN - 9781424427697
T3 - 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings
BT - 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009 - Proceedings
T2 - 2009 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2009
Y2 - 30 March 2009 through 2 April 2009
ER -