Intrusion behavior detection through visualization

As computer and network intrusions become more and more of a concern, the need for better capabilities to assist in the detection and analysis of intrusions also increases. We propose a methodology for analyzing network and computer log information visually based on the analysis of user behavior. Each user’s behavior is the key to determining their intent and overriding goals, whether they attempt to hide their actions or not. Proficient hackers will attempt to hide their ultimate goal, which hinders the reliability of log file analysis. Visually analyzing the user’s behavior, however, is much more adaptable and difficult to counteract. This paper will discuss how user behavior can be exhibited within the visualization techniques, the capabilities provided by the environment, typical characteristics users should look out for (i.e., how unusual behavior exhibits itself), and exploration paradigms effective for identifying the meaning behind the user’s behavior.