
IDSRadar: a real-time visualization framework for IDS alerts

Published: 2018-02-11 14:42

Keywords: visual analytics, information visualization, cyber security, IDS log, entropy. Source: Science China (Information Sciences), 2013, Issue 08. Paper type: journal article


[Abstract]: An Intrusion Detection System (IDS) is an automated cyber security monitoring system to sense malicious activities. Unfortunately, IDS often generates both a considerable number of alerts and false positives in IDS logs. Information visualization allows users to discover and analyze large amounts of information through visual exploration and interaction efficiently. Even with the aid of visualization, identifying the attack patterns and recognizing the false positives from a great number of alerts are still challenges. In this paper, a novel visualization framework, IDSRadar, is proposed for IDS alerts, which can monitor the network and perceive the overall view of the security situation by using a radial graph in real time. IDSRadar utilizes five categories of entropy functions to quantitatively analyze the irregular behavioral patterns, and synthesizes interactions, filtering and drill-down to detect the potential intrusions. In conclusion, IDSRadar is used to analyze the mini-challenges of the VAST challenge 2011 and 2012.
Author affiliation: Information
Funding: supported by National Natural Science Foundation of China (Grant No. 61103108), Hunan Provincial Science and Technology Program (Grant Nos. 2012GK3166, 2012RS4049), Hunan Provincial Natural Science Foundation of China (Grant No. 12JJ3062), Postdoc Research Funding in Central South University
Classification number: TP393.08

Article ID: 1503304


Article link: http://www.sikaile.net/guanlilunwen/ydhl/1503304.html

