Share This Article:

Network Intrusion Detection and Visualization Using Aggregations in a Cyber Security Data Warehouse

Abstract Full-Text HTML Download Download as PDF (Size:654KB) PP. 593-602
DOI: 10.4236/ijcns.2012.529069    4,016 Downloads   7,277 Views   Citations


The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.

Conflicts of Interest

The authors declare no conflicts of interest.

Cite this paper

B. Denny Czejdo, E. M. Ferragut, J. R. Goodall and J. Laska, "Network Intrusion Detection and Visualization Using Aggregations in a Cyber Security Data Warehouse," International Journal of Communications, Network and System Sciences, Vol. 5 No. 9A, 2012, pp. 593-602. doi: 10.4236/ijcns.2012.529069.


[1] H. Kriegel, P. Kroger and A. Zimek, “Outlier Detection Techniques,” Proceedings of 13th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD 2009), Bangkok, Thailand, 2009.
[2] V. Chandola, A. Banerjee and V. Kumar, “Anomaly Detection: A Survey,” ACM Computing Surveys, Vol. 41, No. 3, 2009, Article 15.
[3] S. Axelsson, “The Base-Rate Fallacy and the Difficulty of Intrusion Detection,” ACM Transactions on Information and System Security (TISSEC), Vol. 3, No. 3, 2000, pp. 186-205. doi:10.1145/357830.357849
[4] H. Teng, K. Chen and S. Lu, “Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns,” Proceedings of IEEE Symposium on Security and Privacy, Marlboro, 7-9 May 1990, pp. 278-284. doi:10.1109/RISP.1990.63857
[5] D. Denning, “An Intrusion Detection Model,” Proceedings of the Seventh IEEE Symposium on Security and Privacy, 7-9 May 1986, pp. 119-131.
[6] A. Jones and R. Sielken, “Computer System Intrusion Detection: A Survey,” Technical Report, Department of Computer Science, University of Virginia, Charlottesville, 1999.
[7] S. Cho, “Incorporating Soft Computing Techniques into a Probabilistic Intrusion Detection System,” IEEE Transactions on Systems, Man, and Cybernetics, Vol. 32, No. 2, 2002, pp. 154-160.
[8] A. Venturini, “Time Series Outlier Detection: A New Non Parametric Methodology (Washer),” Statistica—Università di Bologna, Vol. 71, 2011, pp. 329-344.
[9] E. M. Ferragut, D. M. Darmon, C. A. Shue and S. Kelley, “Automatic Construction of Anomaly Detectors from Graphical Models,” Proceedings of IEEE Symposium on Computational Intelligence in Cyber Security (CICS), Oak Ridge, 11-15 April 2011, pp. 9-16. doi:10.1109/CICYBS.2011.5949386
[10] A. Gupta, V. Harinarayan and D. Quass, “Aggregate- Query Processing in Data Warehousing Environments,” Proceedings of the VLDB, Zurich, 11-15 September 1995.
[11] J. Bischoff and T. Alexander, “Data Warehouse: Practical Advice from the Experts,” Prentice-Hall, Upper Saddle River, 1997.
[12] J. Widom, “Research Problems in Data Warehousing,” Proceedings of the 4th International Conference on Information and Knowledge Management, Baltimore, 28 November-2 December 1995.
[13] B. Czejdo, M. Taylor and C. Putonti, “Summary Tables in Data Warehouses,” Proceedings of ADVIS’2000, Turkey, 25-27 October 2000.

comments powered by Disqus

Copyright © 2019 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.