Chapter 7
Incorporating Uncertainty in Intrusion
Detection to Enhance Decision Making
Lane Harrison and Aidong Lu
Abstract Network security defense often involves uncertain data, which can lead
to uncertain judgments regarding the existence and extent of attacks. However,
analytic uncertainty and false positive decisions can be integrated into analysis
tools to facilitate the process of decision making. This paper presents an
interactive method to specify and visualize uncertain decisions to assist in the
detection process of network intrusions. Uncertain decisions on the degree of
suspicious activity for both temporal durations and individual nodes are integrated
into the analysis process to aid in revealing hidden attack patterns. Our approach
has been implemented in an existing security visualization system, which is used as
the baseline for comparing the effects of the newly added uncertainty visualization
component. The case studies and comparison results demonstrate that uncertainty
visualization can significantly improve the decision making process for attack
detection.
7.1 Introduction
Network security generally deals with a large number of false positives, which
make efficient and prompt decision making challenging. Even for simple questions
like “whether an attack has occurred”, security analysts often need to search for
subtle traces in the data and analyze the data from different perspectives before
making a final decision. During this process, numerous assumptions and tests are
carried out, which often overlap on dimensions like attack duration and malicious
nodes. The capability to integrate partially developed decisions and assumptions may
help analysts organize and sort out incomplete results in order to make more
complete final decisions and reports. Uncertainty visualization, which is closely
related to decision making, can be developed for this purpose.
L. Harrison (✉) · A. Lu
The University of North Carolina at Charlotte, Charlotte, NC, USA
e-mail: ltharri1@uncc.edu
A. Lu
e-mail: aidong.lu@uncc.edu