Graphical user interface for intrusion detection in telecommunications networks

dc.contributorAalto Universityen
dc.contributor.advisorHätönen, Kimmo
dc.contributor.advisorHalonen, Perttu
dc.contributor.authorZahariev, Alexander
dc.contributor.departmentTietotekniikan laitosfi
dc.contributor.schoolPerustieteiden korkeakoulufi
dc.contributor.schoolSchool of Scienceen
dc.contributor.supervisorAura, Tuomas
dc.description.abstractTelecommunications networks increasingly depend on the Internet and computer networks. This exposes the telecommunications systems to intrusions, data theft, and service interruptions. Protecting against the intrusions is especially challenging because of the complex interdependencies inside the networks and between different networks. Moreover, a trend towards massive attacks against the network infrastructure is already evident. One solution to the security concerns is monitoring. Monitoring of large networks has become an active field both in practice and research. Through monitoring systems, malicious activities can be identified and analyzed, and knowledge is gained for better protecting the networks in the future. The work of network administrators can be aided by visualizing the monitoring data and results of analysis tools. The current security analysis and visualization tools have been designed for monitoring enterprise networks and do not adequately support the monitoring of telecommunication networks. One reason is that, in telecommunication networks, the volume of produced alarms and reports is far bigger than in enterprise networks and this increases the workload of network administrators. It is also necessary to understand the specific information, data sources and visualization methods suitable for telecommunications systems. This thesis focuses on solving the above problems in network-based intrusion detection systems (NIDS) that are based on anomaly detection. It presents a graphical user interface (GUI) concept for the analysis of anomalies in a telecommunications network environment. The goal of this GUI is to enable efficient exploration of suspicious events within the monitored network. In this concept, various visualization methods are used in order to enable a quick visual insight into communications patterns. Two use cases with synthetic data are used to demonstrate how the GUI facilitates the network administrator's work in judging the relevance of alerts and analyzing service usage within a network.en
dc.format.extent[7] + 66 s. + liitt. 3
dc.subject.keywordnetwork security monitoringen
dc.subject.keywordnetwork-based intrusion detectionen
dc.subject.keywordvisualization for network securityen
dc.subject.keywordlarge-scale network analysisen
dc.titleGraphical user interface for intrusion detection in telecommunications networksen
dc.type.okmG2 Pro gradu, diplomityö
dc.type.ontasotMaster's thesisen
dc.type.ontasotPro gradu -tutkielmafi