Network Intrusion Detection and Visualization Using Aggregations in a Cyber Security Data Warehouse


The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our proposed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describe the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.

Share and Cite:

B. Denny Czejdo, E. M. Ferragut, J. R. Goodall and J. Laska, "Network Intrusion Detection and Visualization Using Aggregations in a Cyber Security Data Warehouse," International Journal of Communications, Network and System Sciences, Vol. 5 No. 9A, 2012, pp. 593-602. doi: 10.4236/ijcns.2012.529069.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] H. Kriegel, P. Kroger and A. Zimek, “Outlier Detection Techniques,” Proceedings of 13th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD 2009), Bangkok, Thailand, 2009.
[2] V. Chandola, A. Banerjee and V. Kumar, “Anomaly Detection: A Survey,” ACM Computing Surveys, Vol. 41, No. 3, 2009, Article 15.
[3] S. Axelsson, “The Base-Rate Fallacy and the Difficulty of Intrusion Detection,” ACM Transactions on Information and System Security (TISSEC), Vol. 3, No. 3, 2000, pp. 186-205. doi:10.1145/357830.357849
[4] H. Teng, K. Chen and S. Lu, “Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns,” Proceedings of IEEE Symposium on Security and Privacy, Marlboro, 7-9 May 1990, pp. 278-284. doi:10.1109/RISP.1990.63857
[5] D. Denning, “An Intrusion Detection Model,” Proceedings of the Seventh IEEE Symposium on Security and Privacy, 7-9 May 1986, pp. 119-131.
[6] A. Jones and R. Sielken, “Computer System Intrusion Detection: A Survey,” Technical Report, Department of Computer Science, University of Virginia, Charlottesville, 1999.
[7] S. Cho, “Incorporating Soft Computing Techniques into a Probabilistic Intrusion Detection System,” IEEE Transactions on Systems, Man, and Cybernetics, Vol. 32, No. 2, 2002, pp. 154-160.
[8] A. Venturini, “Time Series Outlier Detection: A New Non Parametric Methodology (Washer),” Statistica—Università di Bologna, Vol. 71, 2011, pp. 329-344.
[9] E. M. Ferragut, D. M. Darmon, C. A. Shue and S. Kelley, “Automatic Construction of Anomaly Detectors from Graphical Models,” Proceedings of IEEE Symposium on Computational Intelligence in Cyber Security (CICS), Oak Ridge, 11-15 April 2011, pp. 9-16. doi:10.1109/CICYBS.2011.5949386
[10] A. Gupta, V. Harinarayan and D. Quass, “Aggregate- Query Processing in Data Warehousing Environments,” Proceedings of the VLDB, Zurich, 11-15 September 1995.
[11] J. Bischoff and T. Alexander, “Data Warehouse: Practical Advice from the Experts,” Prentice-Hall, Upper Saddle River, 1997.
[12] J. Widom, “Research Problems in Data Warehousing,” Proceedings of the 4th International Conference on Information and Knowledge Management, Baltimore, 28 November-2 December 1995.
[13] B. Czejdo, M. Taylor and C. Putonti, “Summary Tables in Data Warehouses,” Proceedings of ADVIS’2000, Turkey, 25-27 October 2000.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.