Using Visual Analytics for Web Intrusion Detection

Web sites are likely to be regularly scanned and attacked by both automated and manual means. Intrusion Detection Systems (IDS) assist security analysts by automatically identifying potential attacks from network activity and produce alerts describing the details of these intrusions. However, IDS have problems, such as false positives, operational issues in high-speed environments and the difficulty of detecting unknown threats. Much of ID research has focused on improving the accuracy and operation of IDSs but surprisingly there has been very little research into supporting the security analysts’ intrusion detection tasks. Lately, security analysts face an increasing workload as their networks expand and attacks become more frequent. In this paper we describe an ongoing surveillance prototype system which offers a visual aid to the web and security analyst by monitoring and exploring 3D graphs. The system offers a visual surveillance of the network activity on a web server for both normal and anomalous or malicious activity. Colours are used on the 3D graphics to indicate different categories of web attacks and the analyst has the ability to navigate into the web requests, of either normal or malicious traffic. Artificial Intelligence is combined with Visualization to detect and display unauthorized web traffic.