TITLE:
Network Intrusion Detection and Visualization Using Aggregations in a Cyber Security Data Warehouse
AUTHORS:
Bogdan Denny Czejdo, Erik M. Ferragut, John R. Goodall, Jason Laska
KEYWORDS:
Cyber Security; Network Intrusion; Anomaly Detection; Data Warehouses; Aggregation; Personalization; Situational Understanding
JOURNAL NAME:
International Journal of Communications, Network and System Sciences, Vol. 5, No. 9A, September 18, 2012
ABSTRACT: The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.