| With the pervasive use of the Internet, Web architecture is widely adopted in information systems. However, web applications are being faced with various threats from Internet because it is exposed to hackers and malicious users. Intrusion detection is an effective way to secure web applications.Existing intrusion detection systems are challenged by following requirements. (1) The behavior patterns of users in web applications providing open Internet services are complex because the activities of users are free and uncertain. Thus, high false positive is raised in open environment because the detection performance is different while applying an intrusion detection system to handle different behavior patterns. (2) The activities of Internet users are impacted by various factors which caused by society or network. The exactness of user behavior patterns of Internet users are influenced too. The detection performance of intrusion detection systems in Internet environment could be poor if the impact of environment is usually ignored. (3) Due to large volume of Internet users and web resource monitored, the intrusion detection system has to cope with enormous log data. Thus, the efficiency problem greatly restricts the spread use of intrusion detection systems in Internet environment.This dissertation presents the concept of visualization in intrusion detection by way of combining intrusion detection and information visualization. This dissertation focuses on how to transform activities information of users in target systems to understandable visual information. It facilitates that security experts and security administrators efficiently cooperate with intrusion detection systems, and the detection performance of intrusion detection systems is improved.Firstly, this dissertation analyzes the problem being faced with existing intrusion detection systems while being used to secure web applications providing Internet services, and expatiate on the importance of visualization in intrusion detection. Secondly, the objective of the dissertation is proposed. Thirdly, the dissertation overviews the related work, and points out the deficiency of the existing work in open Internet environment. In order to improve the deficiency, this dissertation focuses on the reference model, framework and corresponding algorithms of visualization in intrusion detection, then the algorithms is analyzed theoretically and experimentally. The contribution of this dissertation mainly includes: (1) traditional PCA-based visualization algorithm in intrusion detection is improved, the efficiency of the algorithm is promoted, and the capacity of the algorithm to process large volume of log data is enhanced; (2) a new high-fidelity and deterministic CCA-based visualization algorithm in intrusion detection is proposed, and it facilitates to visualize activities information of users with complex behavior patterns; (3) two kind of visualization algorithms in intrusion detection based on density field are presented, and they can transform large volume of log data to richer visual information which represents behavior patterns of users.The work of the dissertation provides a new approach to improve the detection performance of intrusion detection.
|
PDF Full Text Request