Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

by B. D. Czejdo, E. M. Ferragut, J. R. Goodall, J. Laska


The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.  
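The abstract describes a hierarchy in which each node is a summarization table and each edge is an aggregation operator that coarsens the grouping key. The following is an added illustration of that idea, written for this page and not taken from the paper or its test bed: it builds a three-node aggregation graph over a constructed set of flow-like events and applies a simple z-score check at each node. The event fields, table names (`base`, `by_src_minute`, `by_minute`), the z-score rule and the threshold are assumptions chosen to make the multi-scale point visible; the paper's own aggregation operators and anomaly scoring may differ.

```python
"""Hierarchical aggregation graph over constructed flow-like events.

Each node is a summarization table (dict: group key -> metrics) and each
edge is an aggregation operator that coarsens the key. Hypothetical
illustration of the architecture described in the abstract, not the
paper's implementation.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (minute, src, dst, dport, bytes).
# Two hosts talk to 10.0.1.1:443 once per minute; in minute 2 a third
# host touches ten ports on the same destination.
EVENTS = [
    (m, src, "10.0.1.1", 443, 1500)
    for m in range(4) for src in ("10.0.0.5", "10.0.0.6")
] + [
    (2, "10.0.0.9", "10.0.1.1", port, 60) for port in range(20, 30)
]


def build_base_table(events):
    """Root node: one row per (minute, src, dst, dport) with count and bytes."""
    table = defaultdict(lambda: {"count": 0, "bytes": 0})
    for minute, src, dst, dport, nbytes in events:
        row = table[(minute, src, dst, dport)]
        row["count"] += 1
        row["bytes"] += nbytes
    return dict(table)


def roll_up(table, key_fn):
    """Aggregation operator (a graph edge): coarsen keys with key_fn, summing metrics."""
    out = defaultdict(lambda: {"count": 0, "bytes": 0})
    for key, row in table.items():
        coarse = out[key_fn(key)]
        coarse["count"] += row["count"]
        coarse["bytes"] += row["bytes"]
    return dict(out)


def build_hierarchy(events):
    """Build the aggregation graph as named nodes; the roll_up calls are its edges."""
    base = build_base_table(events)
    by_src_minute = roll_up(base, lambda k: (k[0], k[1]))   # drop dst and dport
    by_minute = roll_up(by_src_minute, lambda k: (k[0],))   # drop src
    return {"base": base, "by_src_minute": by_src_minute, "by_minute": by_minute}


def flag_anomalies(table, metric="count", threshold=2.0):
    """Return keys whose metric lies more than `threshold` std devs above the node mean."""
    values = [row[metric] for row in table.values()]
    if len(values) < 2:
        return []
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:  # uniform table: nothing stands out at this scale
        return []
    return sorted(k for k, row in table.items() if (row[metric] - mu) / sigma > threshold)


if __name__ == "__main__":
    nodes = build_hierarchy(EVENTS)
    for name, table in nodes.items():
        print(f"{name}: {len(table)} rows, anomalies: {flag_anomalies(table)}")
```

Running it shows why traversing several scales matters: the scanning host is invisible in the root table (every row has count 1), stands out clearly at the `(minute, src)` node, and is diluted again once the `src` dimension is aggregated away into per-minute totals. Each node is a cheap table to query, so an analyst can move along the edges rather than re-scanning raw events.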


Publication Citation

International Journal of Communications, Network and System Sciences 2012 5 (593-602)