Multi-node monitoring and intrusion detection Export

@inproceedings{citeulike:625210, abstract = {The monitoring of systems connected to the Internet is critical for the maintenance of security and privacy. The threat of hackers, terrorism, and internal misuse are major concerns of any organization. In this paper, we expand our visual monitoring environment to support multiple monitored systems and provide an effective layout of the nodes (hosts) for the analysis of the networked environment. We discuss the analysis and correlation strategies needed in such a multi-host environment in order to identify unusual activity. The effectiveness of the correlation and analysis activities is directly related to the node organization. We will show that the node layout we have developed leads to a very effective organization in that line intersections and line orientations are designed to be informative and indicative of unusual activity. Given the effectiveness of line intersections and line orientations as visual attractors, as they are discerned pre-attentively [1], this leads to a very effective monitoring environment. Given our goal is to provide an additional tool to system administrators with the understanding that this is not their sole task then the ready discrimination and identification of activity needing attention is crucial}, author = {Erbacher, R. F. and Teng, Z. and Pandit, S.}, booktitle = {Proceedings of the IASTED International Conerence On Visualization, Imaging, and Image Processing}, citeulike-article-id = {625210}, citeulike-linkout-0 = {http://www.cs.albany.edu/~erbacher/publications/Multi-NodeMonitoring-VIIP2002.pdf}, keywords = {anomaly, detection, glyphs, graphing, information, intrusion, monitoring, visualization}, month = {September}, pages = {720--725}, posted-at = {2006-05-12 15:14:08}, priority = {2}, title = {Multi-node monitoring and intrusion detection}, url = {http://www.cs.albany.edu/~erbacher/publications/Multi-NodeMonitoring-VIIP2002.pdf}, year = {2002} }

TY - CONF ID - citeulike:625210 L3 - citeulike-article-id:625210 N2 - The monitoring of systems connected to the Internet is critical for the maintenance of security and privacy. The threat of hackers, terrorism, and internal misuse are major concerns of any organization. In this paper, we expand our visual monitoring environment to support multiple monitored systems and provide an effective layout of the nodes (hosts) for the analysis of the networked environment. We discuss the analysis and correlation strategies needed in such a multi-host environment in order to identify unusual activity. The effectiveness of the correlation and analysis activities is directly related to the node organization. We will show that the node layout we have developed leads to a very effective organization in that line intersections and line orientations are designed to be informative and indicative of unusual activity. Given the effectiveness of line intersections and line orientations as visual attractors, as they are discerned pre-attentively [1], this leads to a very effective monitoring environment. Given our goal is to provide an additional tool to system administrators with the understanding that this is not their sole task then the ready discrimination and identification of activity needing attention is crucial EP - 725 TI - Multi-node monitoring and intrusion detection T2 - Proceedings of the IASTED International Conerence On Visualization, Imaging, and Image Processing SP - 720 KW - anomaly KW - detection KW - glyphs KW - graphing KW - information KW - intrusion KW - monitoring KW - visualization AU - Erbacher, RF AU - Teng, Z AU - Pandit, S PY - 2002/09// UR - http://www.cs.albany.edu/~erbacher/publications/Multi-NodeMonitoring-VIIP2002.pdf ER -