Visualization of Misuse-Based Intrusion Detection: Application to Honeynet Data [chapter]

Urko Zurutuza, Enaitz Ezpeleta, Álvaro Herrero, Emilio Corchado
2011 Advances in Intelligent and Soft Computing  
This study presents a novel soft computing system that provides network managers with a synthetic and intuitive representation of the situation of the monitored network, in order to reduce the widely known high false-positive rate associated with misuse-based Intrusion Detection Systems (IDSs). The proposed system is based on the use of different projection methods for the visual inspection of honeypot data, and may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection. Furthermore, it is intended to understand the performance of Snort (a well-known misuse-based IDS) through the visualization of attack patterns. Empirical verification and comparison of the proposed projection methods are performed in a real domain where real-life data are defined and analyzed.
doi:10.1007/978-3-642-19644-7_59 dblp:conf/softcomp/ZurutuzaEHC11 fatcat:7fvqyriy6nhi3i3zvins76byri