Goodall, J. R. & Ozok, A. A User-Centered Approach to Visualizing Network Traffic for Intrusion Detection. USA, 2005.
This article addresses intrusion detection analysis, whose aim is to preserve the integrity and safety of today's high-speed computer networks. The authors concentrate on the search for indications of attacks and misuse within network data, and in particular on the information visualization tools that support intrusion detection. The work rests on an understanding of how intrusion detection is actually practised, and the authors argue that user-centered visualization is the method that gives a deep understanding of intrusion detection; the tool they present is an approach to understanding network activity together with the details of lower-level network links.
The article reports results from preliminary usability testing, which was designed to show the benefits of presenting network state in contrast to network links. The authors demonstrate the complexity of modern computer network systems: administrators rely on tools with search and filtering capabilities over network traffic, and additional tools transform the output of various packet captures into data summaries and graphs. The authors show several alternatives by which users and administrators can cope with the complexity of individual packets.
The article describes a prototype information visualization that supports both state and link analysis of network data and lets users drill down to the detail of individual network packets. Particular attention is paid to information visualization itself, which combines computer graphics with the strengths of human perception and serves several purposes for computer networking data. Existing visualization tools for network intrusion detection analysis are surveyed, with a closer look at techniques such as scatter plots and parallel coordinates. The central idea is the TNV tool (time-based Network traffic Visualization), which is used mainly for state and link analysis of network data; the authors explain that the tool is designed to support intrusion detection analysis tasks and is grounded in an understanding of how professional analysts work.
Spinosa, E., Carvalho, A. and Gama, J. Cluster-based Novel Concept Detection in Data Streams applied to Intrusion Detection in Computer Network. 2008.
The article is devoted to a cluster-based novelty detection technique for the large volumes of data that are evaluated and presented in intrusion detection, and the authors describe experimental results from operating the technique. Mining data streams poses particular challenges for machine learning techniques; the approach matters all the more because the large volume of data must be analysed in real time and cannot be stored or analysed repeatedly. The article concentrates on the basic goal of novelty detection (ND): identifying emerging concepts. The ND technique is applied to the evaluation of machine faults and of attacks on computer networks. It is related to single-class classification, in that it tries to discover and analyse novel concepts, that is, groups of examples with similar characteristics that the current knowledge model cannot explain. Incorporating these novel concepts into the knowledge model improves the explanation of subsequent examples. The basic purpose of the paper is to identify the clusters that present clear novel characteristics while dealing with the restrictions encountered.
The authors analyse the structure of the knowledge model and identify its key elements: a normal profile, novel concepts, and concepts that extend the normal profile. The article examines each of these components in depth, explaining its function and its role in the operation of the technique. The performance of the proposed model was demonstrated on a set of intrusion detection data; the results show that the discovery of attack classes as novel classes depends closely on the number of clusters in the initial normal model and on the number of examples required for each new cluster. The concepts analysed by the authors proved to play a significant role in identifying examples of the same class, and the article presents an effective model capable of processing a large amount of data.
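The following toy implementation is an added illustration of the general idea summarised above, not the authors' algorithm or code: the normal profile is a set of clusters, examples the model cannot explain are buffered, and once enough have accumulated they are clustered and either extend the normal profile or become a new, labelled novel concept. The farthest-first k-means, the "close to the normal profile" rule, the thresholds and the sample streams are all constructed for this example.

```python
"""Toy cluster-based novelty detection over a data stream (added example,
not the paper's method; all rules and data below are constructed)."""
import math


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _assign(points, centroids):
    members = [[] for _ in centroids]
    for p in points:
        i = min(range(len(centroids)), key=lambda j: euclid(p, centroids[j]))
        members[i].append(p)
    return members


def _mean(points):
    dim = len(points[0])
    return tuple(sum(p[j] for p in points) / len(points) for j in range(dim))


def kmeans(points, k, iters=50):
    """Deterministic k-means with farthest-first seeding. Returns a list of
    (centroid, radius); the radius (largest member distance) is the boundary
    used to decide whether a later example is explained by the cluster."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(euclid(p, c) for c in centroids)))
    for _ in range(iters):
        members = _assign(points, centroids)
        new = [_mean(m) if m else c for m, c in zip(members, centroids)]
        if new == centroids:
            break
        centroids = new
    members = _assign(points, centroids)
    return [(c, max(euclid(p, c) for p in m)) for c, m in zip(centroids, members) if m]


class NoveltyDetector:
    def __init__(self, normal_examples, k=2, min_examples=5):
        self.normal = kmeans(normal_examples, k)  # normal profile: (centroid, radius)
        self.novel = []                            # novel concepts: (label, centroid, radius)
        self.buffer = []                           # unexplained examples awaiting clustering
        self.min_examples = min_examples
        self.next_label = 1

    def _explain(self, x):
        """Label of the first cluster whose boundary contains x, else None."""
        for c, r in self.normal:
            if euclid(x, c) <= r:
                return "normal"
        for label, c, r in self.novel:
            if euclid(x, c) <= r:
                return label
        return None

    def observe(self, x):
        """Process one stream example and return its explanation."""
        label = self._explain(x)
        if label is not None:
            return label
        self.buffer.append(x)
        if len(self.buffer) < self.min_examples:
            return "unknown"
        return self._promote()

    def _promote(self):
        """Cluster the buffer: a cluster lying close to the normal profile
        extends it, anything else becomes a new novel concept."""
        centroid, radius = kmeans(self.buffer, k=1)[0]
        self.buffer = []
        # constructed rule: "close" = within twice the nearest normal cluster's radius
        nearest_c, nearest_r = min(self.normal, key=lambda cr: euclid(centroid, cr[0]))
        if euclid(centroid, nearest_c) <= 2 * nearest_r:
            self.normal.append((centroid, radius))
            return "normal"
        label = f"novel-{self.next_label}"
        self.next_label += 1
        self.novel.append((label, centroid, radius))
        return label


# Constructed sample data: two groups of "normal" traffic feature vectors,
# a stream far from anything known (a candidate attack class), and a stream
# that merely drifts slightly away from the first normal cluster.
NORMAL_EXAMPLES = [(0, 0), (1, 0), (0, 1), (1, 1),
                   (10, 10), (11, 10), (10, 11), (11, 11)]
FAR_STREAM = [(50, 50), (51, 50), (50, 51), (51, 51), (50.5, 50.5), (50.7, 50.3)]
DRIFT_STREAM = [(1.5, 0.5), (1.6, 0.4), (1.4, 0.6), (1.5, 0.6), (1.5, 0.4), (1.55, 0.45)]


def run_stream(stream, detector=None):
    """Feed a stream through a detector and return the per-example labels."""
    detector = detector or NoveltyDetector(NORMAL_EXAMPLES)
    return [detector.observe(x) for x in stream]


if __name__ == "__main__":
    print(run_stream(FAR_STREAM))    # four unknowns, then the new concept twice
    print(run_stream(DRIFT_STREAM))  # four unknowns, then normal twice
```

The example shows the dependency the paper's results point to: how many examples are needed before a buffered group is promoted, and how tightly the initial normal clusters are drawn, decide whether a new group is recognised as a novel class or absorbed as an extension of the normal profile.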
Hilker, M. and Schommer, Ch. Description of Bad-Signatures for Network Intrusion Detection. 2006.
The paper describes the environment of constant attack pressure on networks and the role of NIDS in protecting computer networks from regular intrusions. The systems described operate by means of various stochastic approaches and rule-based systems; the paper points out the principal disadvantages of these systems, which the ANIMA approach is meant to solve. ANIMA stores the bad signatures of intrusions in the form of weighted, directed graphs. The authors stress the main advantages of the approach: it is adaptive, it operates online, and it is easy to administer and saves storage.
The article offers a thorough analysis of the ANIMA approach in relation to intrusion detection, its principal advantages and disadvantages, its implementation, and the results obtained from using the approach in the ID process through bad-packet identification, together with the justification for the implementation.
The article shows that the system analysed performs a string-matching process: it stores recognised bad patterns of intrusions in an appropriate data structure. ANIMA is described as a system that detects and stores associative patterns from data streams; it is also an approach to solving computer science problems that takes nature as its archetype.
The article presents various modifications of ANIMA for describing the bad signatures of intrusions. The authors present a new, creative system that is adaptive and storage-space-saving and that checks packets against the saved bad signatures.
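The following is an added illustration of the general idea summarised in this entry (known bad patterns kept in a weighted, directed graph and packets string-matched against it), not ANIMA's actual data structure or code. The trie-shaped graph, the weight-update rule, the pruning step and the sample signatures and packets are all constructed for this example.

```python
"""Toy store of bad signatures as a weighted directed graph, checked against
packet payloads (added example; not ANIMA's structure, all rules constructed)."""


class SignatureGraph:
    """Nodes are ints; an edge is keyed by one byte and carries a weight;
    a node may terminate one or more named signatures."""

    def __init__(self):
        self.edges = {0: {}}      # node -> {byte: [next_node, weight]}
        self.terminal = {}        # node -> set of signature names ending here
        self._next = 1

    def add(self, name, pattern):
        """Insert a bytes pattern; edges shared with earlier signatures gain weight."""
        node = 0
        for b in pattern:
            edge = self.edges[node].get(b)
            if edge is None:
                edge = self.edges[node][b] = [self._next, 0]
                self.edges[self._next] = {}
                self._next += 1
            edge[1] += 1
            node = edge[0]
        self.terminal.setdefault(node, set()).add(name)

    def _walk(self, payload, start):
        """Follow the graph from the root along payload[start:]; return the
        signatures ending on that path and the edges traversed."""
        hits, path, node = set(), [], 0
        for b in payload[start:]:
            edge = self.edges[node].get(b)
            if edge is None:
                break
            path.append(edge)
            node = edge[0]
            hits |= self.terminal.get(node, set())
        return hits, path

    def check(self, payload, reinforce=True):
        """Return the names of all signatures found anywhere in payload.
        With reinforce=True the edges of every matched path gain weight, so
        signatures that actually fire become 'heavier' than those that never do."""
        hits = set()
        for start in range(len(payload)):
            h, path = self._walk(payload, start)
            if h and reinforce:
                for edge in path:
                    edge[1] += 1
            hits |= h
        return hits

    def path_weights(self, pattern):
        """Weights along a stored pattern's path (empty list if not stored)."""
        node, weights = 0, []
        for b in pattern:
            edge = self.edges[node].get(b)
            if edge is None:
                return []
            weights.append(edge[1])
            node = edge[0]
        return weights

    def prune(self, min_weight):
        """Storage saving: drop every edge whose weight is below min_weight
        together with the subgraph behind it. Returns the removed signature
        names. (Toy rule: may leave a shared prefix stub behind.)"""
        removed = set()
        for node in list(self.edges):
            if node not in self.edges:     # already dropped as part of a subgraph
                continue
            for b, (nxt, w) in list(self.edges[node].items()):
                if w < min_weight:
                    del self.edges[node][b]
                    removed |= self._drop(nxt)
        return removed

    def _drop(self, node):
        names = set(self.terminal.pop(node, set()))
        for nxt, _ in self.edges.pop(node, {}).values():
            names |= self._drop(nxt)
        return names

    def node_count(self):
        return len(self.edges)


def build_demo_graph():
    """Constructed signature set: three textbook-style bad patterns."""
    g = SignatureGraph()
    g.add("traversal", b"../../")
    g.add("xss-tag", b"<script>")
    g.add("null-byte", b"%00")
    return g


# Constructed sample payloads (not captured traffic)
PACKETS = [
    b"GET /images/../../config.txt HTTP/1.1",
    b"GET /index.html HTTP/1.1",
    b"POST /search q=<script>x</script>",
]

if __name__ == "__main__":
    g = build_demo_graph()
    for pkt in PACKETS:
        print(pkt, "->", sorted(g.check(pkt)))
    print("pruned:", g.prune(min_weight=2), "nodes left:", g.node_count())
```

Matching walks the graph from every payload offset, so cost grows with payload length times the longest signature; the weight counters are what make the structure adaptive, and pruning on them is the storage-saving step, at the price that a signature which has not fired yet can be discarded.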