Designing an Interactive Web-based Visualization System to Analyze Network Behaviors using Cloud Computing

Abstract

Attack detection is a challenging area of research in information assurance. Intruders use various methods to perform masquerade attacks or deceive known detection techniques. They are always seeking ways to disrupt network traffic and degrade network performance in order to compromise computing infrastructures. Although numerous intrusion detection techniques have been proposed, identifying intrusive network behaviors in a massive amount of network traffic data is still considered a major research challenge because it commonly requires high-end computing resources. To overcome this limitation, researchers have started designing cloud-based intrusion detection techniques. Although some of them are well designed to detect intrusions, the very high rate of false positives they produce is a major problem. Since an incorrectly designed rule can generate thousands of alerts in a short period, decision makers might not be able to review all of them. Thus, reducing false positives is critical because only a small number of false positives can be determined as legitimate intrusion alerts. Therefore, it is important to design a mechanism for verifying and validating intrusion alerts effectively. Previously, the PI designed a predictive intrusion model to distinguish abnormal network behaviors (with the support of the HBCU/MI program) and showed that the model is superior to other traditional methods [1, 2]. As a continuation of the previous project, a new interactive web-based visualization system is proposed to analyze network behaviors using cloud computing technology and interactive visual analytics techniques. First, our research begins with extracting significant features to address the challenge of analyzing extensive network traffic data for detecting intrusions while reducing the high false-positive rate. This will be done by leveraging the power of parallel processing (i.e., Map-Reduce) and signal processing techniques.
Then, all extracted significant information will be stored in a knowledge base to help the user identify the reasons behind the false positives and to measure uncertainty through the designed web-based system. In the system, a graphical representation of the attacks will be added by integrating directed graph theory. Also, several user interaction techniques (e.g., selection, filtration, manipulation, and navigation) will be tightly coupled with the system to support the user in conducting an interactive exploration of the visually represented data (including detected intrusions). Thus, it can benefit decision makers by providing informative knowledge for understanding the patterns of detected attack behaviors. It will also advance the ability to analyze complex data by emphasizing the effectiveness of utilizing both interactive web-based visual analysis and cloud computing. To the best of our knowledge, no similar study has been done on developing an interactive web-based visualization system for analyzing network behaviors with an emphasis on representing both outliers and uncertainty. This project is conducted at Bowie State University (BSU). It helps underrepresented minority students gain knowledge in network security and cloud computing from practical research experience, participate in research on solving real-world problems, and eventually build their career goals in network security and cybersecurity.

[1] S.Y. Ji, B.-K. Jeong, S. Choi, D.H. Jeong, A multi-level intrusion detection method for abnormal network behaviors, Journal of Network and Computer Applications, Elsevier, Vol. 62, pp. 9-17, Feb. 2016.
[2] S.Y. Ji, S. Choi, and D.H. Jeong, Designing an Internet Traffic Predictive Model by Applying a Signal Processing Method, Journal of Network and Systems Management, Springer-Verlag, Vol. 23, Issue 4, pp. 998-1015, 2015.

Document Details

Document Type
DoD Grant Award
Publication Date
Feb 14, 2019
Source ID
W911NF1810460

Entities

People

  • Soo-Yeon Ji

Organizations

  • Army Contracting Command
  • Bowie State University
  • Office of the Secretary of Defense

Tags

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Cybersecurity.
  • Neural Network Machine Learning.

Technology Areas

  • Cyber