Network-wide intrusion detection supported by multivariate analysis and interactive visualization
Roberto Therón Sánchez; Roberto Magán-Carrión; José Camacho; Gabriel Maciá-Fernández
- Abstract:
- In this paper, we introduce a new visualization tool for network-wide intrusion detection. It is based on multivariate anomaly detection with a combination of Principal Component Analysis (PCA) and a new variant called Group-wise PCA (GPCA). Combining these methodologies with the capabilities of interactive visualization, the resulting tool is a highly flexible and intuitive interface that allows the user to navigate through the enormous amount of data collected in the network, in order to find anomalous or unexpected behaviors. We use a real case study to illustrate the capability of the tool to unveil the complex mixture of information that can be found in network security/traffic data and identify and diagnose anomalies in it.
- Year:
- 2017
- Type of Publication:
- Proceedings
- Keywords:
- Principal Component Analysis; Tools; Anomaly detection; Data visualization; Loading; security; visualization
- Publisher:
- IEEE
- Address:
- Phoenix, AZ, USA
- Organization:
- VizSec 2017
- Month:
- October
- ISBN:
- 978-1-5386-2693-1
- DOI:
- 10.1109/VIZSEC.2017.8062198