Most organizations deploy and operate intrusion detection system (IDS) on their networks in order to defend their vital computer and network resources from malicious cyber attackers. Although IDS has been contributed to the improvement of network security, there is a fatal problem in that it records the tremendous amount of alerts, so that security operators are unable to deal with all of them and it is inevitable to miss real cyber attacks from the recorded IDS alerts. Many visualization methods of IDS alerts have been proposed in order to cope with this issue, but their main objective is to better understand only overall attack situations, not to detect real cyber attacks.
In this paper, we propose an advanced visualization method of IDS alerts based on machine learning and statistical features derived from IDS alerts. The proposed visualization method can be contributed to the reduction of IDS alerts that must be analyzed by security operators and to effectively identify real cyber attacks from IDS alerts.
Visualization; Security Event; Machine Learning; Statistical Features; Real Cyber Attacks
Applied mathematics & information sciences : an international journal