Share Email Print

Proceedings Paper

Visual behavior characterization for intrusion and misuse detection
Author(s): Robert F. Erbacher; Deborah Frincke
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

As computer and network intrusions become more and more of a concern, the need for better capabilities, to assist in the detection and analysis of intrusions also increase. System administrators typically rely on log files to analyze usage and detect misuse. However, as a consequence of the amount of data collected by each machine, multiplied by the tens or hundreds of machines under the system administrator's auspices, the entirety of the data available is neither collected nor analyzed. This is compounded by the need to analyze network traffic data as well. We propose a methodology for analyzing network and computer log information visually based on the analysis of the behavior of the users. Each user's behavior is the key to determining their intent and overriding activity, whether they attempt to hide their actions or not. Proficient hackers will attempt to hide their ultimate activities, which hinders the reliability of log file analysis. Visually analyzing the users''s behavior however, is much more adaptable and difficult to counteract.

Paper Details

Date Published: 3 May 2001
PDF: 9 pages
Proc. SPIE 4302, Visual Data Exploration and Analysis VIII, (3 May 2001); doi: 10.1117/12.424930
Show Author Affiliations
Robert F. Erbacher, SUNY/Albany (United States)
Deborah Frincke, Univ. of Idaho (United States)

Published in SPIE Proceedings Vol. 4302:
Visual Data Exploration and Analysis VIII
Robert F. Erbacher; Philip C. Chen; Jonathan C. Roberts; Craig M. Wittenbrink; Matti Grohn, Editor(s)

© SPIE. Terms of Use
Back to Top