Discovering Attack Structures using Behavior Driven Alert Correlation with Dynamic Visualization of Network Intrusions

A.Z. Rana, M.L. Huang, and T. Hintz (Australia)


Information visualization, Dynamic visualization, Static visualization, Intrusion detection systems.


Existing intrusion detection systems often generate alerts that represent only a sub-attack of the larger attack that the attacker is trying to accomplish. No previous work has been carried out to implicitly link alerts together to discover attack plans from generated alerts. This paper proposes a system framework for a behavior-driven dynamic visual intrusion detection system that can be used to find implicit relationships among alerts and to discover attack plans, which consist of smaller attacks carried out in a particular sequential order. The paper also discusses how dynamic visualization, together with static visualization, can be used to visualize alert and attack structures.

