Christopher J. Morris

Case Study: Visualization and Information Retrieval Techniques for Network Intrusion Detection

Travis Atkinson, Kathleen Pensy, Charles Nicholas, David S. Ebert, Rebekah Atkinson, and Christopher J. Morris
IEEE VisSym 2001: Joint Eurographics - IEEE TVCG Symposium on Visualization.
May 2001


We describe our efforts to analyze network intrusion detection data using information retrieval and visualization tools. By regarding Telnet sessions as documents, which may or may not include attacks, a session that contains a certain type of attack can be used as a query, allowing us to search the data for other instances of that same type of attack. The use of information visualization techniques allows us to quickly and clearly find the attacks and also find similar, potentially new types of attacks.


IEEE - Copyright © 2001 by IEEE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee.

IRSFA_VISSYM01.doc (747520 bytes)