Hierarchical clustering and visualization of aggregate cyber data

Most commercial intrusion detections systems (IDS) can produce a very high volume of alerts, and are typically plagued by a high false positive rate. The approach described here uses Splunk to aggregate IDS alerts. The aggregated IDS alerts are retrieved from Splunk programmatically and are then clu...

Full description

Saved in:
Bibliographic Details
Main Authors: Patton, R. M., Beaver, J. M., Steed, C. A., Potok, T. E., Treadwell, J. N.
Format: Conference Proceeding
Language:English
Subjects:
Computer security
Correlation
Data visualization
Flexible printed circuits
hierarchical clustering
IDS analysis
Intrusion detection
Mice
Reliability
sunburst visualization
vector space model
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Most commercial intrusion detections systems (IDS) can produce a very high volume of alerts, and are typically plagued by a high false positive rate. The approach described here uses Splunk to aggregate IDS alerts. The aggregated IDS alerts are retrieved from Splunk programmatically and are then clustered using text analysis and visualized using a sunburst diagram to provide an additional understanding of the data. The equivalent of what the cluster analysis and visualization provides would require numerous detailed queries using Splunk and considerable manual effort.
ISSN:2376-6492
DOI:10.1109/IWCMC.2011.5982725