Visual Analytics Model for Intrusion Detection in Flood Attack

Concurrency and Computation

2014

Self Cite

Summary In this paper, we extended our density model to BigData analysis and visualization. BigData, which contains images, videos, texts, audio files and other forms of data collected from multiple datasets, is difficult to process and visualize using traditional database management and visualization tools. The challenges are in representing multiple datasets and illustrating and visualizing data patterns to meet business, government and organization needs. We have established the 5Ws density model which uses the 5Ws dimensions for BigData analysis and visualization. The 5Ws dimensions are what the data contain, why the data were transferred, where the data came from, when the data occurred, who received the data and how the data were transferred. According to the network log dataset, an example of BigData, each data incident can be classified into these 5Ws dimensions. The network log dataset ISCX2012 is tested throughout our model. This new model not only classifies network attributes and patterns but also establishes density patterns that provide more analytical features for BigData analysis and visualization. The experimental result shows that this new model with clustered visualization can be efficiently used for BigData analysis and network intrusion detection. Concurrency and Computation: Practice and Experience, 2014.© 2014 Wiley Periodicals, Inc.

show abstract

“…According to Density‐Workload model , the victim's system workload λ that handles the flood attacks is defined as

\begin{matrix} left \\ \begin{array}{c} center & α & β & γ & δ & ε \end{array} \\ λ = (\begin{array}{c} center & λ_{11} & λ_{12} & λ_{13} & λ_{14} & λ_{15} \\ center & λ_{21} & λ_{22} & λ_{23} & λ_{24} & λ_{25} \\ center & λ_{31} & λ_{32} & λ_{33} & λ_{34} & λ_{35} \\ center & λ_{41} & λ_{42} & λ_{43} & λ_{44} & λ_{45} \\ center & λ_{51} & λ_{52} & λ_{53} & λ_{54} & λ_{55} \end{array}) \begin{array}{c} center & c p u \\ center & r a m \\ center & h d d \\ center & n e t \\ center & s y s \end{array} \end{matrix}

Section: Ws Density Modelmentioning

confidence: 99%

“…According to Density-Workload model [13], the victim's system workload λ that handles the flood attacks is defined as…”

Section: Density Correlation Cross Multiple Datasetsmentioning

confidence: 99%

Density approach: a new model for BigData analysis and visualization

Concurrency and Computation

2014

Self Cite

show abstract

“…All network traffic that flows to the victim site (dip=k) is a set F victim , which is defined as (1) , f (2) , f (3) , . .…”

Section: B Second-layer Densitiesmentioning

confidence: 99%

“…In this paper, we future develop our visual analytics model shown in [3] and [8] to analyze the flood attacks. Firstly, we analyze the characteristics of flood attacks and their behaviors based on the flood traffic through the Internet, and then establish the traffic patterns of flood attacks to form the sending-density and the receiving-density.…”

Section: Introductionmentioning

confidence: 99%

Visual analysis and detection of network flood attacks through Two-Layer density approach

Proceedings of 2013 3rd International Conference on Computer Science and Network Technology

2013

Self Cite

Flood attack patterns have variability depending on the network environment. It has been necessitated that the need for visual analysis within an Intrusion Detection System (IDS) is to identify these flood-attack patterns. The challenges are how to increase the accuracy of detection and how to visualize and present flood attack patterns in networks for early detection. In this paper, we propose a Two-Layer density model for flood attack detection. The first density layer describes sending-density and receiving-density in analyzing Internet traffic. The second density layer describes attack-density and normal-density in analyzing local network traffic at a victim site. Several visualization techniques are used to facilitate the detection process. The experiments demonstrate that the Two-Layer density model has significantly improved the accuracy of the detection of flood attacks and provides users with a better understanding of the nature of flood attacks. Keywords -Network security; flood attack pattern; sending density; receiving density; attack density; information visualization I.978-1-4799-0561-4/13/$31.

show abstract

5Ws Model for Big Data Analysis and Visualization

2013 IEEE 16th International Conference on Computational Science and Engineering

2013