Network attack visualization and response through intelligent icons

Determination of appropriate response to information system attack is jointly determined by confidence of classification, nature (type) of attack, and confidence in effectiveness of response. In this paper we present a technique to rapidly assess similarity of observed behavior to attack or normal m...

Full description

Saved in:
Bibliographic Details
Main Authors: Evans, S.C., Markham, T.S., Bejtlich, R., Barnett, B., Scholz, B., Mitchell, R., Weizhong Yan, Steinbrecher, E., Impson, J.
Format: Conference Proceeding
Language:English
Subjects:
Intelligent networks
Visualization
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Determination of appropriate response to information system attack is jointly determined by confidence of classification, nature (type) of attack, and confidence in effectiveness of response. In this paper we present a technique to rapidly assess similarity of observed behavior to attack or normal models: displaying the similarity of observed data to learned minimum description length models for normal and attack behaviors using ¿intelligent icons¿. These icons provide a visual indication of similarity to normal and attack signatures and can alert human operators to the key motifs and signatures that affect confidence in classification and indicated response.
ISSN:2155-7578
2155-7586
DOI:10.1109/MILCOM.2009.5379856