Abstract

We propose a novel graphical technique (SVision) for intrusion detection, which pictures the network as a community of hosts independently roaming in a 3D space defined by the set of services that they use. The aim of SVision is to graphically cluster the hosts into normal and abnormal ones, highlighting only the ones that are considered as a threat to the network. Our experimental results conducted on DARPA 1999 and 2000 intrusion detection and evaluation datasets as well as real network data captured between 2003 and 2005 from the University of New Brunswick main link, and also a private network, show the proposed technique as a good candidate for the detection of various network threats such as vertical and horizontal scanning attacks, Denial of Service (DoS) attacks, Distributed DoS (DDoS) attacks, as well as worm propagation attack. Finally, the visualization technique proves to cope with high number of hosts in the network, the experimental results using network data of up to 1,000,000 distinct IPs per time interval.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.