An intelligent, interactive tool for exploration and visualization of time-oriented security data

Authors: Asaf Shabtai, Denis Klimov, Yuval Shahar, Yuval Elovici

DOI: 10.1145/1179576.1179580

Keywords: Knowledge-based systems; Networking hardware; Data mining; Context (language use); Visualization; Trojan; Automatic summarization; Computer science; File Transfer Protocol; Raw data

Abstract: The detection of known and unknown attacks usually requires the interpretation and presentation of very large amounts of time-oriented security data. Using regular means for displaying data, such as text or tables, is often ineffective. Furthermore, presenting only raw data is not sufficient, because an expert is still required to derive meaningful conclusions from it. In addition, in many cases (e.g., detecting a virus spreading in the network), an aggregated view of multiple network devices is more effective than a view of each individual device. In this paper we propose an intelligent interface, used by the distributed architecture that was described in our previous work, for the specific tasks of knowledge-based interpretation, summarization, query, visualization and interactive exploration of large amounts of time-oriented security data. In order to support the computation process, we provide automated mechanisms that perform the derivation of context-specific, interval-based abstract interpretations (also called Temporal Abstractions) of time-stamped data, using a domain-specific knowledge base (e.g., a period of 5 hours, during the night, with a high number of FTP connections within the context of No User Activity, which might indicate the existence of a Trojan on the computer). The proposed tool includes several functionalities for querying, both raw and abstracted data, regarding single devices.
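The context-specific, interval-based abstraction the abstract describes, as an added illustration that is not the authors' tool or code: time-stamped events are placed into a context ("No User Activity" versus "User Activity"), hour buckets are labelled by a domain rule, and consecutive hours with the same label are merged into intervals; a second function then aggregates across devices, the network-wide view the abstract argues for. The device names, the FTP threshold, the minimum duration and every event are constructed assumptions for this example.

```python
"""Added illustration (not the authors' tool) of the knowledge-based temporal
abstraction described in the abstract: time-stamped events are first placed into
a context ("No User Activity" vs. "User Activity"), then summarized into
interval-based abstractions such as "High FTP / No User Activity".
All device names, thresholds and events below are constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)
# Constructed analysis window: one night, 22:00 to 06:00 (eight hour buckets).
WINDOW_START = datetime(2023, 5, 1, 22, 0)
WINDOW_END = datetime(2023, 5, 2, 6, 0)


@dataclass(frozen=True)
class Abstraction:
    """One interval-based abstraction for one device; `end` is exclusive."""
    device: str
    start: datetime
    end: datetime
    label: str


def _hour(ts):
    """Truncate a timestamp to the start of its hour bucket."""
    return ts.replace(minute=0, second=0, microsecond=0)


def abstract(events, start, end, threshold=20):
    """Derive per-device abstractions over the hour-aligned window [start, end).

    `events` is an iterable of (timestamp, device, kind) with kind "ftp"
    (an FTP connection) or "user" (interactive user activity). A hypothetical
    domain rule labels an hour "High FTP" when its FTP count reaches
    `threshold`; the context is "No User Activity" when the hour has no user
    event. Consecutive hours with the same label are merged into one interval,
    which is what makes the result interval-based rather than point-based.
    """
    ftp_per_hour = defaultdict(int)
    user_hours = set()
    devices = set()
    for ts, device, kind in events:
        devices.add(device)
        h = _hour(ts)
        if kind == "ftp":
            ftp_per_hour[(device, h)] += 1
        elif kind == "user":
            user_hours.add((device, h))

    result = []
    for device in sorted(devices):
        current = None  # (label, interval start)
        h = _hour(start)
        while h < end:
            context = "User Activity" if (device, h) in user_hours else "No User Activity"
            level = "High FTP" if ftp_per_hour[(device, h)] >= threshold else "Normal FTP"
            label = f"{level} / {context}"
            if current is None:
                current = (label, h)
            elif current[0] != label:
                result.append(Abstraction(device, current[1], h, current[0]))
                current = (label, h)
            h += HOUR
        if current is not None:
            result.append(Abstraction(device, current[1], h, current[0]))
    return result


def suspicious(abstractions, min_hours=3):
    """Keep only the pattern the abstract singles out: sustained high FTP
    traffic while no user is active, lasting at least `min_hours` (hypothetical)."""
    return [a for a in abstractions
            if a.label == "High FTP / No User Activity"
            and (a.end - a.start) >= min_hours * HOUR]


def devices_in_state_per_hour(intervals):
    """Aggregated view across devices: how many devices are in the suspicious
    state during each hour of the window."""
    counts = defaultdict(int)
    for a in intervals:
        h = a.start
        while h < a.end:
            counts[h] += 1
            h += HOUR
    return dict(counts)


def sample_events():
    """Constructed events: ws-07 shows 25 FTP connections per hour from 01:00
    to 05:59 with no user activity after 22:30; ws-12 has a user active every
    hour and one hour of heavy FTP use at 01:00, which the context rules out."""
    ev = [(datetime(2023, 5, 1, 22, 30), "ws-07", "user")]
    for hour in range(1, 6):
        ev += [(datetime(2023, 5, 2, hour, (i * 2) % 60), "ws-07", "ftp") for i in range(25)]
    ev += [(datetime(2023, 5, 1, hour, 15), "ws-12", "user") for hour in (22, 23)]
    ev += [(datetime(2023, 5, 2, hour, 15), "ws-12", "user") for hour in range(0, 6)]
    ev += [(datetime(2023, 5, 2, 1, (i * 2) % 60), "ws-12", "ftp") for i in range(25)]
    return ev


if __name__ == "__main__":
    intervals = abstract(sample_events(), WINDOW_START, WINDOW_END)
    for a in intervals:
        print(f"{a.device} {a.start:%H:%M}-{a.end:%H:%M} {a.label}")
    flagged = suspicious(intervals)
    print("suspicious:", [(a.device, a.start.hour, a.end.hour) for a in flagged])
    print("devices per hour:", {h.hour: n for h, n in devices_in_state_per_hour(flagged).items()})
```

Run as written, the constructed data yields one 5-hour "High FTP / No User Activity" interval on ws-07 (01:00 to 06:00), while ws-12's hour of heavy FTP use is labelled "High FTP / User Activity" and is not flagged: the context, not the raw count, decides. The point for a defender is that the same raw counts produce different abstractions depending on the context interval they fall into, so a knowledge base of such rules can be queried and visualised instead of the raw event stream.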

References (26)
G. Conti, J. Grizzard, M. Ahamad, H. Owen. Visual exploration of malicious network objects using semantic zoom, interactive encoding and dynamic queries. Visualization for Computer Security, p. 10 (2005). doi:10.1109/VIZSEC.2005.19
K. Lakkaraju, R. Bearavolu, A. Slagell, W. Yurcik, S. North. Closing-the-loop in NVisionIP: integrating discovery and search in security visualizations. Visualization for Computer Security, p. 9 (2005). doi:10.1109/VIZSEC.2005.3
C. Muelder, Kwan-Liu Ma, T. Bartoletti. A visualization methodology for characterization of network scans. Visualization for Computer Security, p. 4 (2005). doi:10.1109/VIZSEC.2005.2
David H. Jones, Anne Kao, Mihael Ankerst, Changzhou Wang. DataJewel: Tightly Integrating Visualization with Temporal Data Mining (2003).
K. Abdullah, C. Lee, G. Conti, J.A. Copeland, J. Stasko. IDS RainStorm: visualizing IDS alarms. Visualization for Computer Security, pp. 1-10 (2005). doi:10.1109/VIZSEC.2005.8
Yuval Shahar, Denis Klimov. A framework for intelligent visualization of multiple time-oriented medical records. American Medical Informatics Association Annual Symposium, vol. 2005, pp. 405-409 (2005).
R.F. Erbacher, K. Christensen, A. Sundberg. Designing visualization capabilities for IDS challenges. Visualization for Computer Security, p. 15 (2005). doi:10.1109/VIZSEC.2005.5
A. Oline, D. Reiners. Exploring three-dimensional visualization for intrusion detection. Visualization for Computer Security, p. 14 (2005). doi:10.1109/VIZSEC.2005.6
Yuval Shahar. Dynamic temporal interpretation contexts for temporal abstraction. Annals of Mathematics and Artificial Intelligence, vol. 22, pp. 159-192 (1998). doi:10.1023/A:1018998326167