Abstract
Most areas of network management, and network security in particular, need effective visualization methods for flooding connections, because many web systems with very large numbers of users suffer from huge volumes of normal connections mixed with flooding attacks. In addition, most connections have to be monitored for intrusion detection, including any kind of abnormal connection. Therefore, in this paper we propose an effective visualization method, combined with a classification method, for distinguishing between normal and abnormal flooding network status.
Keywords: Intrusion Detection, Categorical Data Classification, Intrusion Visualization, Network Monitoring
1 Introduction
The expansion of computer networks and the usage of the internet have led to an increase in the amount of data flowing through networks. However, as the usage of the network increases, so does the number of network attacks. As a result, much research has been done on intrusion detection systems and intrusion prevention systems, but these systems still have some problems.
Previous intrusion detection systems were only able to detect known attacks, and the more sophisticated anomaly detection methods were time consuming and needed a large amount of computing time. Furthermore, anomaly-based intrusion detection systems had problems with generating many false positives. To solve these problems, much research has been done in the field of visualization. Visualization is a method which can derive information from a vast amount of data, and administrators therefore use visualization techniques for this purpose [1, 2, 3]. Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization [4] uses a few features from the network packet header information for the visualization of network attacks. However, no basis is given for using only those few particular features for detection. Visual Data Mining using Principled Projection Algorithms and Information Visualization Techniques [5] used projection algorithms such as Generative Topographic Mapping (GTM). However, most projection algorithms apply data transformations that introduce errors relative to the original populations. Also, Internet Attack Visualization on Parallel Coordinates (PCAV) [6] uses 4 features which can be derived from network flow to detect scanning, worm, and DoS attacks, but because of the lack of features we are only able to see whether or not an attack occurred.
This paper proposes a method to solve the problems of [4, 5] and [6]...