NESG

Network-wide intrusion detection supported by multivariate analysis and interactive visualization

Roberto Therón Sánchez; Roberto Magán-Carrión; José Camacho; Gabriel Maciá-Fernández
Abstract:
In this paper, we introduce a new visualization tool for network-wide intrusion detection. It is based on multivariate anomaly detection with a combination of Principal Component Analysis (PCA) and a new variant called Group-wise PCA (GPCA). Combining these methodologies with the capabilities of interactive visualization, the resulting tool is a highly flexible and intuitive interface that allows the user to navigate through the enormous amount of data collected in the network, in order to find anomalous or unexpected behaviors. We use a real case study to illustrate the capability of the tool to unveil the complex mixture of information that can be found in network security/traffic data and identify and diagnose anomalies in it.
Research areas:
Year:
2017
Type of Publication:
Proceedings
Keywords:
Principal Component Analysis; Tools; Anomaly detection; Data visualization; Loading; security; visualization
Publisher:
IEEE
Address:
Phoenix, AZ, USA
Organization:
VizSec 2017
Month:
October
ISBN:
978-1-5386-2693-1
DOI:
10.1109/VIZSEC.2017.8062198