상세정보
학술지
An Efficient Network Attack Visualization Using Security Quad and Cube
- 발행일
- 201010
- 출처
- ETRI Journal, v.33 no.5, pp.770-779
- ISSN
- 1225-6463
- 출판사
- 한국전자통신연구원 (ETRI)
- 협약과제
- 10MS5100, 산업시설 정보자산 보호용 공간연동 침입 탐지 및 대응 기술 개발, 나중찬
- 초록
- Security quad and cube (SQC) is a network attack analyzer that is capable of aggregating many different events into a single significant incident and visualizing these events in order to identify suspicious or illegitimate behavior. A network administrator recognizes network anomalies by analyzing the traffic data and alert messages generated in the security devices; however, it takes a lot of time to inspect and analyze them because the security devices generate an overwhelming amount of logs and security events. In this paper, we propose SQC, an efficient method for analyzing network security through visualization. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacks. In addition, by providing a detailed analysis of network attacks, this method can more precisely detect and distinguish them from normal events. © 2011 Optical Society of America.
- KSP 제안 키워드
- Detailed information, Network Attacks, Network anomaly, Security devices, alert messages, network security, security event, traffic data