Dissertations / Theses on the topic 'Visualization Computer security'

Consult the top 24 dissertations / theses for your research on the topic 'Visualization Computer security.'
1

Teoh, Soon Tee. "Interactive visualization techniques for computer network security /." For electronic version search Digital dissertations database. Restricted to UC campuses. Access is free to UC campus dissertations, 2004. http://uclibs.org/PID/11984.

2

Whitaker, Robert Bruce. "Applying Information Visualization to Computer Security Applications." DigitalCommons@USU, 2010. https://digitalcommons.usu.edu/etd/636.

Abstract:
This thesis presents two phases of research in applying visualization to network security challenges. The first phase included discovering the most useful and powerful features in existing computer security visualizations and incorporating them into the AdviseAid visualization platform, an existing software package. The incorporation of such a complete feature set required novel resolution of software engineering, human factors, and computer graphics issues. We also designed additional novel features, such as plugin interfaces, allowing for rapid prototyping and experimentation with novel visualization features and capabilities. The second phase of the research focused on the development of novel visualization techniques themselves. These novel visualizations were designed and created within AdviseAid to demonstrate that the features of AdviseAid are functional and helpful in the development process, as well as to be effective in the analysis of computer networks in their own right.
3

Luse, Andrew William. "Exploring utilization of visualization for computer and network security." [Ames, Iowa : Iowa State University], 2009.

4

Abdullah, Kulsoom B. "Scaling and Visualizing Network Data to Facilitate in Intrusion Detection Tasks." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/10509.

Abstract:
As the trend of successful network attacks continues to rise, better forms of intrusion detection and prevention are needed. This thesis addresses network traffic visualization techniques that aid administrators in recognizing attacks. A view of port statistics and Intrusion Detection System (IDS) alerts has been developed. Each helps to address issues with analyzing large datasets involving networks. Due to the amount of traffic as well as the range of possible port numbers and IP addresses, scaling techniques are necessary. A port-based overview of network activity produces an improved representation for detecting and responding to malicious activity. We have found that presenting an overview using stacked histograms of aggregate port activity, combined with the ability to drill down for finer details, allows small, yet important details to be noticed and investigated without being obscured by large, usual traffic. Another problem administrators face is the cumbersome amount of alarm data generated from IDS sensors. As a result, important details are often overlooked, and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview from which system administrators can get a general sense of network activity and easily detect anomalies. They additionally have the option of then zooming and drilling down for details. Based on our system administrator requirements study, this graphical layout addresses what system administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that effectively uses operational alarm log data generated on the Georgia Tech campus network.
For both of these systems, we describe the input data, the system design, and examples. Finally, we summarize potential future work.
5

Nunnally, Troy J. "Advanced visualizations for network security." Diss., Georgia Institute of Technology, 2014. http://hdl.handle.net/1853/52993.

Abstract:
Monitoring volumes of malicious network data across multiple sources can potentially be overwhelming. As a result, vital data is at a greater risk of being overlooked and the time span for analyzing it could be too lengthy. One way to address this issue is to employ network security visualization techniques to evaluate security risks and identify malicious activity to help mitigate compromised nodes on a network. The purpose of this thesis is to introduce a visualization framework to help reduce task-completion time, enhance situational awareness, and decrease user error of complex visualizations for network security applications. From the developed framework, three techniques are suggested as contributions using visualization and interaction: (1) a stereoscopic visualization technique aims to increase user awareness of vulnerabilities and malicious attacks, (2) the recommender system aims to ensure efficient navigation in complex 3D environments, and (3) an interaction system aims to assist in the usability of visualization environments using Natural User Interfaces (NUIs). To investigate the aforementioned techniques, the following tools were created: 3D Stereoscopic Vulnerability Assessment Tool (3DSVAT), Parallel 3D Coordinate Visualization (P3D), NAVSEC recommender system, and Interaction System for Network Security (InterSec).
6

Freet, David Nathan. "A Security Visualization Analysis Methodology for Improving Network Intrusion Detection Efficiency." Thesis, Indiana State University, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10261868.

Abstract:

The flood of raw data generated by intrusion detection and other network monitoring devices can be so overwhelming that it causes great difficulty in detecting patterns that might indicate malicious traffic. In order to more effectively monitor and process network and forensic data within a virtualized environment, Security Visualization (SecViz) provides software-based visual interfaces to analyze live and logged network data within the domains of network security, network and cloud forensics, attack prevention, compliance management, wireless security, secure coding, and penetration testing. Modern networks generate enormous amounts of data that is often stored in logs. Due to the lack of effective approaches to organizing and visualizing log data, most network monitoring tools focus at a high level on data throughput and efficiency, or dig too far down into the packet level to allow for useful analysis by network administrators. SecViz offers a simpler and more effective approach to analyzing the massive amounts of log data generated on a regular basis. Graphical representations make it possible to identify and detect malicious activity, and spot general trends and relationships among individual data points. The human brain can rapidly process visual information in a detailed and meaningful manner. By converting network security and forensic data into a human-readable picture, SecViz can address and solve complex data analysis challenges and significantly increase the efficiency by which data is processed by information security professionals.

This study utilizes the Snort intrusion detection system and SecViz tools to monitor and analyze various attack scenarios in a virtualized cloud computing environment. Real-time attacks are conducted in order to generate traffic and log data that can then be re-played in a number of software applications for analysis. A Java-based program is written to aggregate and display Snort data, and then incorporated into a custom Linux-based software environment along with select open-source SecViz tools. A methodology is developed to correlate Snort intrusion alerts with log data in order to create a visual picture that can significantly enhance the identification of malicious network activity and discrimination from normal traffic within a virtualized cloud-based network.

7

Kasemsri, Rawiroj Robert. "A Survey, Taxonomy, and Analysis of Network Security Visualization Techniques." Digital Archive @ GSU, 2006. http://digitalarchive.gsu.edu/cs_theses/17.

Abstract:
Network security visualization is a relatively new field and is quickly gaining momentum. Network security visualization allows the display and projection of network or system data, in the hope of efficiently monitoring and protecting the system from any intrusions or possible attacks. Intrusions and attacks are constantly continuing to increase in number, size, and complexity. Textually reading through log files or other textual sources is currently insufficient to secure a network or system. Using graphical visualization, security information is presented visually, and not only by text. Without network security visualization, reading through log files or other textual sources is an endless and aggravating task for network security analysts. Visualization provides a method of displaying a large volume of information in a relatively small space. It also makes patterns easier to detect, recognize, and analyze. This can help security experts to detect problems that may otherwise be missed in reading text-based log files. Network security visualization has become an active research field in the past six years and a large number of visualization techniques have been proposed. A comprehensive analysis of the existing techniques is needed to help network security designers make informed decisions about the appropriate visualization techniques under various circumstances. Moreover, a taxonomy of the existing visualization techniques is needed to classify the existing network security visualization techniques and present a high-level overview of the field. In this thesis, the author surveyed the field of network security visualization. Specifically, the author analyzed the network security visualization techniques from the perspective of data model, visual primitives, security analysis tasks, user interaction, and other design issues. Various statistics were generated from the literature.
Based on this analysis, the author has attempted to generate useful guidelines and principles for designing effective network security visualization techniques. The author also proposed a taxonomy for the security visualization techniques. To the author’s knowledge, this is the first attempt to generate a taxonomy for network security visualization. Finally, the author evaluated the existing network security visualization techniques and discussed their characteristics and limitations. For future research, the author also discussed some open research problems in this field. This research is a step towards a thorough analysis of the problem space and the solution space in network security visualization.
8

Shirazi, Patrick. "Identifying Challenges in Cybersecurity Data Visualization Dashboards." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-80412.

Abstract:
Nowadays, a massive amount of cybersecurity data-objects, such as security events, logs, messages, are flowing through different cybersecurity systems. With the enormous fast development of different cloud environments, big data, IoT, and so on, these amounts of data are increasingly revolutionary. One of the challenges for different security actors, such as security admins, cybersecurity analysts, and network technicians, is how to utilize this amount of data in order to reach meaningful insights, so they can be used further in diagnosis, validation, forensic and decision-making purposes. In order to make useful and get meaningful insights from this data, we need to have efficient dashboards that simplify the data and provide a human-understandable presentation of data. Currently, there are plenty of SIEM and visualization dashboard tools that are using a variety of report generator engines to generate charts and diagrams. Although there have been many advances in recent years due to utilizing AI and big data, security professionals are still facing some challenges in using the visualization dashboards. During recent years, many research studies have been performed to discover and address these types of challenges. However, due to the rapid change in the way of working in many companies (e.g. digital transformation, agile way of working, etc.) and besides utilizing cloud environments, that are providing almost everything as a service, it is needed to discover what challenges are still there and whether they are still experiencing the same challenges or new ones have emerged. Following a qualitative method and utilizing the Delphi technique with two rounds of interviews, the results show that although the technical and tool-specific concerns really matter, the most significant challenges are due to the business architecture and the way of working.
9

Musa, Shahrulniza. "Visualising network security attacks with multiple 3D visualisation and false alert classification." Thesis, Loughborough University, 2008. https://dspace.lboro.ac.uk/2134/14241.

Abstract:
Increasing numbers of alerts produced by network intrusion detection systems (NIDS) have burdened the job of security analysts, especially in identifying and responding to them. The tasks of exploring and analysing large quantities of communication network security data are also difficult. This thesis studied the application of visualisation in combination with an alert classifier to make the exploring and understanding of network security alert data faster and easier. The prototype software, NSAViz, has been developed to visualise and to provide an intuitive presentation of the network security alert data using interactive 3D visuals with an integration of a false alert classifier. The needs analysis of this prototype was based on the suggested needs of network security analysts' tasks as seen in the literature. The prototype software incorporates various projections of the alert data in 3D displays. The overview was plotted in a 3D plot named "time series 3D AlertGraph", which was an extension of the 2D histographs into 3D. The 3D AlertGraph effectively summarised the alert data and gave an overview of the network security status. Filtering, drill-down and playback of the alerts at variable speed were incorporated to strengthen the analysis. Real-time visual observation was also included. Identifying true alerts from all alerts represents the main task of the network security analyst. This prototype software was integrated with a false alert classifier using a classification tree based on the C4.5 classification algorithm to classify the alerts into true and false. Users can add new samples and edit the existing classifier training sample. The classifier performance was measured using the k-fold cross-validation technique. The results showed the classifier was able to remove noise in the visualisation, thus allowing the pattern of the true alerts to emerge. It also highlighted the true alerts in the visualisation.
Finally, a user evaluation was conducted to find the usability problems in the tool and to measure its effectiveness. The feedback showed the tool had successfully helped the task of the security analyst and increased the security awareness in their supervised network. From this research, the task of exploring and analysing a large amount of network security data becomes easier and the true attacks can be identified using the prototype visualisation tools. Visualisation techniques and false alert classification are helpful in exploring and analysing network security data.
10

Wang, Hsiu-Chung. "Toward a Heuristic Model for Evaluating the Complexity of Computer Security Visualization Interface." Digital Archive @ GSU, 2006. http://digitalarchive.gsu.edu/cs_theses/35.

Abstract:
Computer security visualization has gained much attention in the research community in the past few years. However, the advancement in security visualization research has been hampered by the lack of standardization in visualization design, centralized datasets, and evaluation methods. We propose a new heuristic model for evaluating the complexity of computer security visualizations. This complexity evaluation method is designed to evaluate the efficiency of performing visual search in security visualizations in terms of measuring critical memory capacity load needed to perform such tasks. Our method is based on research in cognitive psychology along with characteristics found in a majority of the security visualizations. The main goal for developing this complexity evaluation method is to guide computer security visualization design and compare different visualization designs. Finally, we compare several well known computer security visualization systems. The proposed method has the potential to be extended to other areas of information visualization.
11

Conti, Gregory John. "Countering network level denial of information attacks using information visualization." Diss., Available online, Georgia Institute of Technology, 2006, 2006. http://etd.gatech.edu/theses/available/etd-03232006-112827/.

Abstract:
Thesis (Ph. D.)--Computing, Georgia Institute of Technology, 2006.
Stasko, John, Committee Member ; Owen, Henry, Committee Member ; Merkle, Ralph, Committee Member ; Lee, Wenke, Committee Member ; Ahamad, Mustaque, Committee Chair.
12

Conti, Greg. "Countering network level denial of information attacks using information visualization /." Available online, Georgia Institute of Technology, 2006, 2006. http://etd.gatech.edu/theses/available/etd-03232006-112827/.

13

Abuaitah, Giovani Rimon. "Trusted Querying over Wireless Sensor Networks and Network Security Visualization." Wright State University / OhioLINK, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=wright1240163119.

14

Fink, Glenn Allen. "Visual Correlation of Network Traffic and Host Processes for Computer Security." Diss., Virginia Tech, 2006. http://hdl.handle.net/10919/28770.

Abstract:
Much computer communications activity is invisible to the user, happening without explicit permission. When system administrators investigate network communications activities, they have difficulty tracing them back to the processes that cause them. The strictly layered TCP/IP networking model that underlies all widely used, general-purpose operating systems makes it impossible to trace a packet seen on the network back to the processes that are responsible for generating and receiving it. The TCP/IP model separates the concerns of network routing and process ownership so that the layers cannot share the information needed to correlate packets to processes. But knowing what processes are responsible for communications activities can be a great help in determining whether that activity is benign or malicious. My solution combines a visualization tool, a kernel-level correlation engine, and middleware that ties the two together. My research enables security personnel to visually correlate packets to the processes they belong to, helping users determine whether communications are benign or malicious. I present my discoveries about the system administrator community and relate how I created a new correlation technology. I conducted a series of initial interviews with system administrators to clarify the problem, researched available solutions in the literature, identified what was missing, and worked with users to build it. The users were my co-designers as I built a series of prototypes of increasing fidelity and conducted usability evaluations on them. I hope that my work will demonstrate how well the participatory design approach works. My work has implications for the kernel structure of all operating system kernels with a TCP/IP protocol stack and network model. In light of my research, I hope security personnel will more clearly see sets of communicating processes on a network as basic computational units rather than the individual host computers.
If kernel designers incorporate my findings into their work, it will enable much better security monitoring than is possible today, making the Internet safer for all.
Ph. D.
15

Gasant, Mogamad Yaqeen. "Firewall information and security visualization : improving the usage and adoption of modern network firewalls by novice users." Master's thesis, University of Cape Town, 2007. http://hdl.handle.net/11427/6398.

Abstract:
Word processed copy.
Includes bibliographical references (leaves 77-79).
The increasing number of people having access to computers and the Internet and the numerous services provided by the Internet - e.g., Internet banking, online shopping, eBay, email - emphasizes the need for computer security which is understandable to novice users. Whilst the technology underlying a firewall is effective, most users have no idea how to configure the software to suit their needs. This research focuses on personal firewalls because it is our belief and I will show that personal firewalls are more at risk than those of large corporations. Our hypothesis for this research is that many of the users who install personal firewalls lack the knowledge to properly configure them. We propose that the problem with a personal firewall is that most users do not have the correct conceptual models of interaction between computer, firewall, and security in order to configure these personal firewalls correctly. We aim to use information visualization [3] as a possible solution to the problem of novice users configuring their personal firewalls.
16

Swart, Ignatius Petrus. "Pro-active visualization of cyber security on a National Level : a South African case study." Thesis, Rhodes University, 2015. http://hdl.handle.net/10962/d1017940.

Abstract:
The need for increased national cyber security situational awareness is evident from the growing number of published national cyber security strategies. Governments are progressively seen as responsible for cyber security, but at the same time increasingly constrained by legal, privacy and resource considerations. Infrastructure and services that form part of the national cyber domain are often not under the control of government, necessitating the need for information sharing between governments and commercial partners. While sharing of security information is necessary, it typically requires considerable time to be implemented effectively. In an effort to decrease the time and effort required for cyber security situational awareness, this study considered commercially available data sources relating to a national cyber domain. Open source information is typically used by attackers to gather information with great success. An understanding of the data provided by these sources can also afford decision makers the opportunity to set priorities more effectively. Through the use of an adapted Joint Directors of Laboratories (JDL) fusion model, an experimental system was implemented that visualized the potential that open source intelligence could have on cyber situational awareness. Datasets used in the validation of the model contained information obtained from eight different data sources over a two year period with a focus on the South African .co.za sub domain. Over a million infrastructure devices were examined in this study along with information pertaining to a potential 88 million vulnerabilities on these devices. During the examination of data sources, a severe lack of information regarding the human aspect in cyber security was identified that led to the creation of a novel Personally Identifiable Information detection sensor (PII). 
The resultant two million records pertaining to PII in the South African domain were incorporated into the data fusion experiment for processing. The results of this processing are discussed in the three case studies. The results offered in this study aim to highlight how data fusion and effective visualization can serve to move national cyber security from a primarily reactive undertaking to a more pro-active model.
17

Mahmood, Waqas, and Muhammad Faheem Akhtar. "Validation of Machine Learning and Visualization based Static Code Analysis Technique." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4347.

Abstract:
Software security has always been an afterthought in software development, which results in insecure software. Companies rely on penetration testing for detecting security vulnerabilities in their software. However, incorporating security at an early stage of development reduces cost and overhead. Static code analysis can be applied at the implementation phase of the software development life cycle. Applying machine learning and visualization for static code analysis is a novel idea. The technique can learn patterns by normalized compression distance (NCD) and classify source code into correct or faulty usage on the basis of training instances. Visualization also helps to classify code fragments according to their associated colors. A prototype was developed to implement this technique, called Code Distance Visualizer (CDV). In order to test the efficiency of this technique, empirical validation is required. In this research we conduct a series of experiments to test its efficiency. We use real-life open source software as our test subjects. We also collected bugs from their corresponding bug reporting repositories as well as faulty and correct versions of source code. We train CDV by marking correct and faulty versions of code fragments. On the basis of this training, CDV classifies other code fragments as correct or faulty. We measured its fault detection ratio, false negative and false positive ratios. The outcome shows that this technique is efficient in defect detection and has a low number of false alarms.
Software security has always been an afterthought in software development, which leads to insecure software. Companies depend on penetration tests to discover security problems in their software. Incorporating security at an early stage of development reduces costs and overhead. Static code analysis can be applied during the implementation phase of the software development life cycle. Applying machine learning and visualization to static code analysis is a new idea. The technique can learn patterns using the normalized compression distance (NCD) and classify source code as correct or faulty usage on the basis of training cases. Visualization also helps to classify code fragments according to their associated colors. A prototype called Code Distance Visualizer (CDV) has been developed to implement this technique. Empirical validation is required to test the effectiveness of this technique. In this research we conduct a series of experiments to test its effectiveness. We use real-world open source software as our test subjects. We also collected bugs from their corresponding bug-reporting repositories, together with faulty and correct versions of the source code. We train CDV by marking correct and faulty versions of code fragments. On the basis of this training, CDV classifies other code fragments as correct or faulty. We measured its fault detection ratio and its false negative and false positive ratios. The result shows that this technique is effective in defect detection and has a low number of false alarms.
18

Conley, Thomas A. "Effective Programmatic Analysis of Network Flow Data for Security and Visualization using Higher-order Statistics and Domain Specific Embedded Languages." Ohio University / OhioLINK, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1336482912.

19

Lui, Nathan. "DependencyVis: Helping Developers Visualize Software Dependency Information." DigitalCommons@CalPoly, 2021. https://digitalcommons.calpoly.edu/theses/2270.

Abstract:
The use of dependencies has been increasing in popularity over the past decade, especially as package managers such as JavaScript's npm have made getting these packages a simple command to run. However, while incidents such as the left-pad incident have increased awareness of how vulnerable relying on these packages is, there is still some work to be done when it comes to getting developers to take the extra research step to determine if a package is up to standards. Finding metrics of different packages and comparing them is always a difficult and time-consuming task, especially since potential vulnerabilities are not the only metric to consider. For example, considering how popular and how actively maintained the package is is also just as important. Therefore, we propose a visualization tool called DependencyVis that is specific to JavaScript projects and npm packages as a solution, analyzing a project's dependencies in order to help developers by looking up the many basic metrics that can address a dependency's popularity, activeness, and vulnerabilities, such as the number of GitHub stars, forks, and issues as well as security advisory information from npm audit. This thesis then proposes many use cases for DependencyVis to help users compare dependencies by displaying the dependencies in a graph with metrics represented by aspects such as node color or node size.
20

Alfredsson, Anders, and Gustav Larsson. "Lokalisering och visualisering av område : En smartphone-applikation för en ökad trygghetskänsla." Thesis, Örebro universitet, Institutionen för naturvetenskap och teknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-51574.

Abstract:
The report deals with different methods for locating smartphones and the creation of an Android application. The application was to visualize the campus area at Örebro University in order to increase awareness and the sense of safety for people who are there in the evenings and at night. The implementation of the system is described together with the problems that arose, and their solutions.
The report is about different methods of localizing smartphones and the creation of an Android application. The application should visualize the campus of Örebro University to raise awareness and the sense of security for people who are there at night. The implementation of the system is described along with the problems during development, and how they were solved.
21

Kim, Tiffany Hyun-Jin. "All Trust Is Local: Empowering Users’ Authentication Decisions on the Internet." Research Showcase @ CMU, 2012. http://repository.cmu.edu/dissertations/132.

Full text
22

Leichtnam, Laetitia. "Detecting and visualizing anomalies in heterogeneous network events : Modeling events as graph structures and detecting communities and novelties with machine learning." Thesis, CentraleSupélec, 2020. http://www.theses.fr/2020CSUP0011.

Full text
Abstract:
The general objective of this thesis is to evaluate the value of graph structures in the field of security data analysis. We propose an end-to-end approach consisting of a unified view of the network data in the form of graphs, a community discovery system, an unsupervised anomaly detection system, and a visualization of the data in the form of graphs. The unified view is obtained using knowledge graphs to represent heterogeneous log files and network traffic. Community detection allows us to select sub-graphs representing events that are strongly related to an alert or an IoC and that are therefore relevant for forensic analysis. Our anomaly-based intrusion detection system relies on novelty detection by an autoencoder and achieves very good results on the CICIDS 2017 and 2018 datasets. Finally, an immersive visualization of the security data highlights the relations between security elements and malicious events or IoCs. This gives the security analyst a good starting point to explore the data and reconstruct global attack scenarios.
23

Gaw, Tyler J. "ARL-VIDS visualization techniques : 3D information visualization of network security events." 2014. http://liblink.bsu.edu/uhtbin/catkey/1745749.

Full text
Abstract:
Government agencies and corporations are growing increasingly reliant on networks for day-to-day operations including communication, data processing, and data storage. As a result, these networks are in a constant state of growth. These burgeoning networks cause the number of network security events requiring investigation to grow rapidly, creating new problems for network security analysts. The increasing number of attacks launched against high-value networks only adds to the gravity of the problem. Therefore, security analysts need assistance to be able to continue monitoring network events at an acceptable rate. Network analysts rely on many different systems and tools to properly secure a network. One line of defense is an intrusion detection system, or IDS. Intrusion detection systems monitor networks for suspicious activity and then write alerts to a log file. An important part of effective intrusion detection is finding relationships between network events, which allows for the detection of network anomalies. However, network analysts typically monitor these logs in a sparsely formatted view, which simply isn't effective for large networks. Therefore, a Visual Intrusion Detection System, or VIDS, is an interesting solution to aid network security analysts in properly securing their networks. The visualization tool takes a log file and represents the alerts on a three-dimensional graph. Previous research shows that humans have an innate ability to match patterns based on visual cues, which we hope will allow network analysts to match patterns between alerts and identify anomalies. In addition, the tool leverages the user's intuition and experience to aid intrusion detection by allowing them to manipulate the view of the data. The objective of this thesis is to quantify and measure the effectiveness of this Visual Intrusion Detection System, built as an extension to the SNORT open source IDS.
The purpose of the visualization is to give network security analysts an alternative view to what traditional network security software provides. This thesis also explores other features that can be built into a Visual Intrusion Detection System to improve its functionality.
Department of Computer Science
24

(10723926), Adefolarin Alaba Bolaji. "Community Detection of Anomaly in Large-Scale Network Dissertation - Adefolarin Bolaji .pdf." Thesis, 2021.

Find full text
Abstract:

The detection of anomalies in real-world networks is applicable in different domains; applications include, but are not limited to, credit card fraud detection, malware identification and classification, cancer detection from diagnostic reports, abnormal traffic detection, identification of fake media posts, and the like. Much ongoing and current research provides tools for analyzing labeled and unlabeled data; however, the challenges of finding anomalies and patterns in large-scale datasets still exist because of rapid changes in the threat landscape.

In this study, I implemented a novel and robust solution that combines data science and cybersecurity to solve complex network security problems. I used a Long Short-Term Memory (LSTM) model, the Louvain algorithm, and the PageRank algorithm to identify and group anomalies in large-scale real-world networks. The network has billions of packets. The developed model used different visualization techniques to provide further insight into how the anomalies in the network are related.

Mean absolute error (MAE) and root mean square error (RMSE) were used to validate the anomaly detection models; the results obtained were 5.1813e-04 and 1e-03 respectively. The low loss from the training phase confirmed the low RMSE at loss: 5.1812e-04, mean absolute error: 5.1813e-04, validation loss: 3.9858e-04, validation mean absolute error: 3.9858e-04. The result from the community detection shows an overall modularity value of 0.914, which is evidence of the existence of very strong communities among the anomalies. The largest sub-community of the anomalies connects 10.42% of the total anomaly nodes.

The broader aim and impact of this study was to provide sophisticated, AI-assisted countermeasures to cyber-threats in large-scale networks. To close the existing gaps created by the shortage of skilled and experienced cybersecurity specialists and analysts in the field, solutions based on out-of-the-box thinking are inevitable; this research was aimed at yielding one such solution. It was built to detect specific and collaborating threat actors in large networks and to help speed up how quickly the activities of anomalies in any given large-scale network can be curtailed.

