Abstract

We describe our efforts to analyze network intrusion detection data using information retrieval and visualization tools. By regarding Telnet sessions as documents, which may or may not include attacks, a session that contains a certain type of attack can be used as a query, allowing us to search the data for other instances of that same type of attack. The use of information visualization techniques allows us to quickly and clearly find the attacks and also find similar, potentially new types of attacks.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call