Graphical user interface for intrusion detection in telecommunications networks

School of Science | Master's thesis
Date
2011
Major/Subject
Computer networks
Mcode
T-110
Language
en
Pages
[7] + 66 pp. + app. 3
Abstract
Telecommunications networks increasingly depend on the Internet and computer networks. This exposes the telecommunications systems to intrusions, data theft, and service interruptions. Protecting against the intrusions is especially challenging because of the complex interdependencies inside the networks and between different networks. Moreover, a trend towards massive attacks against the network infrastructure is already evident. One solution to the security concerns is monitoring. Monitoring of large networks has become an active field both in practice and research. Through monitoring systems, malicious activities can be identified and analyzed, and knowledge is gained for better protecting the networks in the future. The work of network administrators can be aided by visualizing the monitoring data and results of analysis tools. The current security analysis and visualization tools have been designed for monitoring enterprise networks and do not adequately support the monitoring of telecommunication networks. One reason is that, in telecommunication networks, the volume of produced alarms and reports is far bigger than in enterprise networks and this increases the workload of network administrators. It is also necessary to understand the specific information, data sources and visualization methods suitable for telecommunications systems. This thesis focuses on solving the above problems in network-based intrusion detection systems (NIDS) that are based on anomaly detection. It presents a graphical user interface (GUI) concept for the analysis of anomalies in a telecommunications network environment. The goal of this GUI is to enable efficient exploration of suspicious events within the monitored network. In this concept, various visualization methods are used in order to enable a quick visual insight into communications patterns. 
Two use cases with synthetic data are used to demonstrate how the GUI facilitates the network administrator's work in judging the relevance of alerts and analyzing service usage within a network.
Description
Supervisor
Aura, Tuomas
Thesis advisor
Hätönen, Kimmo
Halonen, Perttu
Keywords
network security monitoring, network-based intrusion detection, visualization for network security, large-scale network analysis