Graphical user interface for intrusion detection in telecommunications networks

School of Science | Master's thesis

Mcode

T-110

Language

en

Pages

[7] + 66 s. + liitt. 3

Abstract

Telecommunications networks increasingly depend on the Internet and computer networks. This exposes the telecommunications systems to intrusions, data theft, and service interruptions. Protecting against the intrusions is especially challenging because of the complex interdependencies inside the networks and between different networks. Moreover, a trend towards massive attacks against the network infrastructure is already evident.

One solution to the security concerns is monitoring. Monitoring of large networks has become an active field both in practice and research. Through monitoring systems, malicious activities can be identified and analyzed, and knowledge is gained for better protecting the networks in the future. The work of network administrators can be aided by visualizing the monitoring data and results of analysis tools.

The current security analysis and visualization tools have been designed for monitoring enterprise networks and do not adequately support the monitoring of telecommunication networks. One reason is that, in telecommunication networks, the volume of produced alarms and reports is far bigger than in enterprise networks and this increases the workload of network administrators. It is also necessary to understand the specific information, data sources and visualization methods suitable for telecommunications systems.

This thesis focuses on solving the above problems in network-based intrusion detection systems (NIDS) that are based on anomaly detection. It presents a graphical user interface (GUI) concept for the analysis of anomalies in a telecommunications network environment. The goal of this GUI is to enable efficient exploration of suspicious events within the monitored network. In this concept, various visualization methods are used in order to enable a quick visual insight into communications patterns.

Two use cases with synthetic data are used to demonstrate how the GUI facilitates the network administrator's work in judging the relevance of alerts and analyzing service usage within a network.

Supervisor

Aura, Tuomas

Thesis advisor

Hätönen, Kimmo
Halonen, Perttu
