Understanding the context of network traffic alerts

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

24 Citations (Scopus)

Abstract

For the protection of critical infrastructures against complex virus attacks, automated network traffic analysis and deep packet inspection are unavoidable. However, even with the use of network intrusion detection systems, the number of alerts is still too large to analyze manually. In addition, domain-specific multi-stage viruses (e.g., Advanced Persistent Threats) are typically not captured by a single alert. The result is that security experts are overloaded with low-level technical alerts in which they must look for the presence of an APT. In this paper we propose an alert-oriented visual analytics approach for the exploration of network traffic content in multiple contexts. In our approach, CoNTA (Contextual analysis of Network Traffic Alerts), experts are supported in discovering threats in large alert collections through interactive exploration using selections and attributes of interest. Tight integration between machine learning and visualization enables experts to quickly drill down into the alert collection and report false alerts back to the intrusion detection system. Finally, we show the effectiveness of the approach by applying it to real-world and artificial data sets.
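The abstract's central point is that an APT shows up as a chain of low-level alerts spread over several records, so the analyst needs to narrow a large collection by attributes of interest, pivot to the context of a host, and push false alerts back to the IDS. The following is an added illustration of that drill-down workflow in plain Python; it is not the CoNTA implementation or any code from the paper, and the alert records, signature ids and addresses are constructed for the example.

```python
"""Faceted drill-down over a collection of NIDS alerts (illustration only,
not the CoNTA tool): select by attribute values, profile an attribute inside
the selection, pivot to a host's full alert context, and record false-alert
feedback for the IDS."""
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample alerts (not real data). Field names mirror common
# NIDS alert output; sids, messages and addresses are made up.
ALERTS = [
    {"ts": 100, "sid": 1001, "msg": "SCAN port sweep", "src": "10.0.0.5", "dst": "10.0.1.7", "dport": 22, "sev": 3},
    {"ts": 105, "sid": 1001, "msg": "SCAN port sweep", "src": "10.0.0.5", "dst": "10.0.1.8", "dport": 22, "sev": 3},
    {"ts": 130, "sid": 2002, "msg": "EXPLOIT SSH brute force", "src": "10.0.0.5", "dst": "10.0.1.7", "dport": 22, "sev": 2},
    {"ts": 190, "sid": 3003, "msg": "MALWARE C2 beacon", "src": "10.0.1.7", "dst": "198.51.100.9", "dport": 443, "sev": 1},
    {"ts": 200, "sid": 4004, "msg": "POLICY DNS to public resolver", "src": "10.0.2.3", "dst": "8.8.8.8", "dport": 53, "sev": 3},
    {"ts": 210, "sid": 4004, "msg": "POLICY DNS to public resolver", "src": "10.0.2.4", "dst": "8.8.8.8", "dport": 53, "sev": 3},
    {"ts": 220, "sid": 4004, "msg": "POLICY DNS to public resolver", "src": "10.0.2.5", "dst": "8.8.8.8", "dport": 53, "sev": 3},
]


def select(alerts, **criteria):
    """Keep alerts whose attributes match every criterion.
    A criterion value may be a single value or a set of acceptable values."""
    def matches(alert):
        for attr, value in criteria.items():
            wanted = value if isinstance(value, (set, frozenset)) else {value}
            if alert.get(attr) not in wanted:
                return False
        return True
    return [a for a in alerts if matches(a)]


def profile(alerts, attr):
    """Value distribution of one attribute inside the current selection,
    most frequent first: the summary a drill-down view would plot."""
    return Counter(a[attr] for a in alerts).most_common()


def host_chain(alerts, host):
    """All alerts touching a host (as source or destination) in time order,
    collapsed to the sequence of distinct signatures. A multi-stage intrusion
    appears here as a chain even though no single alert flags it."""
    involved = sorted((a for a in alerts if host in (a["src"], a["dst"])),
                      key=lambda a: a["ts"])
    chain = []
    for a in involved:
        if not chain or chain[-1] != a["msg"]:
            chain.append(a["msg"])
    return chain


@dataclass
class Feedback:
    """False-alert decisions the analyst wants handed back to the IDS."""
    false_sids: set = field(default_factory=set)

    def mark_false(self, alerts):
        self.false_sids.update(a["sid"] for a in alerts)

    def suppress(self, alerts):
        return [a for a in alerts if a["sid"] not in self.false_sids]

    def rules_to_disable(self):
        return sorted(self.false_sids)


def triage(alerts=ALERTS):
    """Worked analyst session: profile, mark noise, pivot, read the chain."""
    fb = Feedback()
    # 1. The most frequent signature dominates the collection; after
    #    inspecting that selection the analyst reports it as a false alert.
    noisiest_sid, _ = profile(alerts, "sid")[0]
    fb.mark_false(select(alerts, sid=noisiest_sid))
    remaining = fb.suppress(alerts)
    # 2. Among what remains, pivot on the most active source host and then
    #    on the destination it hit most often.
    top_src, _ = profile(remaining, "src")[0]
    top_dst, _ = profile(select(remaining, src=top_src), "dst")[0]
    # 3. The target's full context spans scan, brute force and, with the
    #    target now acting as source, a C2 beacon: a multi-stage picture
    #    that no single alert carries.
    return {
        "disable_rules": fb.rules_to_disable(),
        "remaining": len(remaining),
        "top_src": top_src,
        "top_dst": top_dst,
        "chain": host_chain(remaining, top_dst),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The false-alert feedback is kept as a set of signature ids because that is the unit an IDS can act on (disable or threshold a rule); a real deployment would also want the analyst's selection criteria stored alongside, so the suppression can be scoped to the hosts or ports it was judged on rather than applied globally.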
Original language: English
Title of host publication: 2016 IEEE Symposium on Visualization for Cyber Security (VizSec), 24 October 2016, Baltimore, Maryland
Editors: D.M. Best, D. Staheli, N. Prigent, S. Engle, L. Harrison
Place of Publication: Piscataway
Publisher: Institute of Electrical and Electronics Engineers
Pages: 1-8
Number of pages: 8
ISBN (Electronic): 978-1-5090-1605-1
ISBN (Print): 978-1-5090-1606-8
DOIs
Publication status: Published - 10 Nov 2016
