U.S. Department of Energy
Office of Scientific and Technical Information

Hierarchical Clustering and Visualization of Aggregate Cyber Data

Conference

Most commercial intrusion detection systems (IDS) produce a very high volume of alerts and are typically plagued by a high false positive rate. The approach described here uses Splunk to aggregate IDS alerts. The aggregated alerts are retrieved from Splunk programmatically, clustered using text analysis, and visualized as a sunburst diagram to give the analyst an additional view of the data. Obtaining the equivalent of what the cluster analysis and visualization provide would require numerous detailed Splunk queries and considerable manual effort.

Research Organization: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
Sponsoring Organization: USDOE
DOE Contract Number: AC05-00OR22725
OSTI ID: 1024294
Country of Publication: United States
Language: English
