{"title":"入侵行为识别的可视化技术","authors":"R. Erbacher","doi":"10.1109/IAW.2005.1495938","DOIUrl":null,"url":null,"abstract":"Current intrusion detection techniques are plagued with false positives and false negatives. Ensuring that intrusions are not missed requires that administrators filter through enormous numbers of false positives. In this work, we are attempting to improve the administrators ability to analyze the available data, make far more rapid assessments as to the nature of a given event or event stream, and identify anomalous activity not normally identified as such. To this end, we are exploring the roots of the identified activity, namely the underlying behavior of the users, hosts, and networks under the administrator's auspices. We present here our work related to visualization as it applies to behavior and intrusion detection. We have found that the representations can be quite effective at conveying the needed information and resolving the relationships extremely rapidly.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"114 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Visualization techniques for intrusion behavior identification\",\"authors\":\"R. Erbacher\",\"doi\":\"10.1109/IAW.2005.1495938\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Current intrusion detection techniques are plagued with false positives and false negatives. Ensuring that intrusions are not missed requires that administrators filter through enormous numbers of false positives. In this work, we are attempting to improve the administrators ability to analyze the available data, make far more rapid assessments as to the nature of a given event or event stream, and identify anomalous activity not normally identified as such. To this end, we are exploring the roots of the identified activity, namely the underlying behavior of the users, hosts, and networks under the administrator's auspices. We present here our work related to visualization as it applies to behavior and intrusion detection. We have found that the representations can be quite effective at conveying the needed information and resolving the relationships extremely rapidly.\",\"PeriodicalId\":252208,\"journal\":{\"name\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"volume\":\"114 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2005.1495938\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495938","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Visualization techniques for intrusion behavior identification
Current intrusion detection techniques are plagued with false positives and false negatives. Ensuring that intrusions are not missed requires that administrators filter through enormous numbers of false positives. In this work, we are attempting to improve the administrators ability to analyze the available data, make far more rapid assessments as to the nature of a given event or event stream, and identify anomalous activity not normally identified as such. To this end, we are exploring the roots of the identified activity, namely the underlying behavior of the users, hosts, and networks under the administrator's auspices. We present here our work related to visualization as it applies to behavior and intrusion detection. We have found that the representations can be quite effective at conveying the needed information and resolving the relationships extremely rapidly.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
