Computer security - the protection of data and computer systems from intentional, malicious intervention - is attracting increasing attention. Much work has gone into development of tools to detect ongoing or already perpetrated attacks, but a key shortfall in current intrusion detection systems is the high number of false alarms they produce. This book analyzes the false alarm problem, then applies results from the field of information visualization to the problem of intrusion detection. Four different visualization approaches are presented, mainly applied to data from web server access logs.
Table of ContentsAn Introduction to Intrusion Detection.- The Base-Rate Fallacy and the Difficulty of Intrusion Detection.- Visualizing Intrusions: Watching the Webserver.- Combining a Bayesian Classifier with Visualization: Understanding the IDS.- Visualizing the Inner Workings of a Self Learning Classifier: Improving the Usability of Intrusion Detection Systems.- Visualization for Intrusion DetectionHooking the Worm.- Epilogue.