Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse
- ORNL
The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly and systematically traverse a multi-scale aggregation space. We describe the architecture of a test bed system and summarize results on the IEEE VAST 2012 Cyber Forensics data.
- Research Organization: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization: USDOE Laboratory Directed Research and Development (LDRD) Program
- DOE Contract Number: DE-AC05-00OR22725
- OSTI ID: 1090473
- Journal Information: International Journal of Communications, Network and System Sciences, Vol. 5, Issue 9a; ISSN 1913-3715
- Country of Publication: United States
- Language: English