Computational Analysis + Visual Analysis for Network Intrusions

Analyzing network traffic data to detect suspicious network activities (i.e., intrusions) requires tremendous effort due to the variability of the data and constant changes in network traffic patterns. This project focuses on utilizing various interactive visual analysis techniques to help identify intrusive network events.

Interactive visual analysis is important to analyze network intrusions because it supports discovering significant differences among different network events. Various methods have been integrated to address the effectiveness of identifying abnormal network eventsWhen dimension contribution analysis is performed by changing the contribution of the five features (d37, d38, d68, d72, and d75) from 100% to 0%, a clear separation of pattern is emerged. Interestingly, we identified a couple of possible outliers. (A) in the figure indicates that a R2L attack is appeared within a DoS cluster. And (B) represents that a DoS attack positioned in a R2L cluster. These outliers might be strongly related to the five features. To investigate the cause of the items being appeared in other attack clusters, it is important to conduct an outlier analysis.

Pixel-based density visualization for network traffic data. The UGR'16 dataset was used to display daily network traffic patterns as well as abnormal network activities. It shows network traffic activities (approximately 500 million packets) that happened in the 1st week of August, 2016. To map the density of network traffic patterns, a heatmap view was designed, in where each row and column represents daily and hourly network traffic activities, respectively. And hourly network activities are arranged as cells from left to right indicating 00 through 23. The network activities are analyzed by generating colored glyphs to show minutely activities. Each colored glyph consists of sixty nodes indicating aggregated minutely network activities.

Published Papers

  • SY Ji, BK Jeong, C Kamhoua, N Leslie, DH Jeong, Forecasting network events to estimate attack risk: Integration of wavelet transform and vector auto regression with exogenous variables, Elsevier, Journal of Network and Computer Applications, 2022 LINK.

  • SY Ji, BK Jeong, DH Jeong, Evaluating visualization approaches to detect abnormal activities in network traffic data, Springer-Verlag, International Journal of Information Security, 20, pages331–345 (2021). LINK

  • N. Keegan, S.-Y. Ji, A. Chaudhary, C. Concolato, B. Yu, D. H. Jeong, A survey of cloud-based network intrusion detection analysis, Human-centric Computing and Information Sciences, Vol. 6, No. 19. doi:10.1186/s13673-016-0076-z, Springer-Verlag, December 2016. LINK

  • S. Y. Ji, B.-K. Jeong, S. Choi, D. H. Jeong, A multi-level intrusion detection method for abnormal network behaviors, Journal of Network and Computer Applications, Vol. 62, pp. 9-17, doi:10.1016/j.jnca.2015.12.004, Elsevier, Feb. 2016. LINK

  • Soo-Yeon Ji, Seonho Choi, and Dong Hyun Jeong. Designing an Internet Traffic Predictive Model by Applying a Signal Processing Method. Journal of Network and Systems Management, doi:10.1007/s10922-014-9335-3, Springer-Verlag, Volume 23, Issue 4, pp 998-1015, October 2015. LINK