-
PRISM: A Hierarchical Intrusion Detection Architecture for Large-Scale Cyber Networks
Authors:
Yahya Javed,
Mosab A. Khayat,
Ali A. Elghariani,
Arif Ghafoor
Abstract:
The increase in scale of cyber networks and the rise in sophistication of cyber-attacks have introduced several challenges in intrusion detection. The primary challenge is the requirement to detect complex multi-stage attacks in real time while processing the immense amount of traffic produced by present-day networks. In this paper we present PRISM, a hierarchical intrusion detection architecture that uses a novel attacker-behavior-model-based sampling technique to minimize the real-time traffic processing overhead. PRISM has a multi-layered architecture that monitors network traffic in a distributed manner to provide efficiency in processing and modularity in design. PRISM employs a Hidden Markov Model-based prediction mechanism to identify multi-stage attacks and ascertain the attack progression for a proactive response. Furthermore, PRISM introduces a stream management procedure that corrects the ordering of alerts collected from distributed alert reporting systems. To evaluate the performance of PRISM, multiple metrics have been proposed, and various experiments have been conducted on a multi-stage attack dataset. The results exhibit up to a 7.5x reduction in processing overhead compared to a standard centralized IDS, with no loss of prediction accuracy, while demonstrating the ability to predict different attack stages promptly.
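The abstract describes two mechanisms at a high level: an HMM whose hidden states are attack stages and whose observations are alerts, and a stream-management step that restores timestamp order before alerts reach the HMM. The following is an added toy example written for this listing, not code from the PRISM paper or its authors. The four stages, five alert types, all probabilities, the lateness bound and the sample alert stream are illustrative assumptions chosen to make the mechanics visible; the paper's actual models and parameters are not reproduced here.

```python
"""Toy multi-stage attack tracking: HMM filtering over a reordered alert stream.

Added illustrative example; stages, alert types and probabilities are assumed.
"""
import heapq

STAGES = ["recon", "exploit", "escalate", "exfil"]  # hidden states, assumed

# Assumed initial stage distribution: most sessions start with reconnaissance.
INIT = {"recon": 0.85, "exploit": 0.10, "escalate": 0.04, "exfil": 0.01}

# Assumed stage transition probabilities P(next stage | current stage).
TRANS = {
    "recon":    {"recon": 0.60, "exploit": 0.35, "escalate": 0.04, "exfil": 0.01},
    "exploit":  {"recon": 0.05, "exploit": 0.55, "escalate": 0.35, "exfil": 0.05},
    "escalate": {"recon": 0.02, "exploit": 0.08, "escalate": 0.50, "exfil": 0.40},
    "exfil":    {"recon": 0.02, "exploit": 0.03, "escalate": 0.05, "exfil": 0.90},
}

# Assumed alert emission probabilities P(alert type | stage); "noise" is
# near-uniform so a stray benign alert barely moves the belief.
EMIT = {
    "recon":    {"port_scan": 0.60, "web_exploit": 0.05, "suid_exec": 0.02, "large_outbound": 0.03, "noise": 0.30},
    "exploit":  {"port_scan": 0.10, "web_exploit": 0.55, "suid_exec": 0.05, "large_outbound": 0.05, "noise": 0.25},
    "escalate": {"port_scan": 0.03, "web_exploit": 0.10, "suid_exec": 0.55, "large_outbound": 0.07, "noise": 0.25},
    "exfil":    {"port_scan": 0.02, "web_exploit": 0.03, "suid_exec": 0.10, "large_outbound": 0.60, "noise": 0.25},
}

# Constructed arrival stream: (timestamp, reporting sensor, alert type) in the
# order a central collector received them. The host sensor reports t=5 before
# the slower web sensor reports t=4, so arrival order is not event order.
ARRIVALS = [
    (1.0, "edge", "port_scan"),
    (2.0, "edge", "port_scan"),
    (5.0, "host", "suid_exec"),
    (4.0, "web", "web_exploit"),
    (7.0, "host", "noise"),
    (8.0, "edge", "large_outbound"),
    (9.0, "edge", "large_outbound"),
]


def predict_next(belief):
    """One transition step: P(stage_t+1 | alerts so far)."""
    return {s: sum(belief[p] * TRANS[p][s] for p in STAGES) for s in STAGES}


def forward_step(belief, alert):
    """HMM forward (filtering) update: predict, weight by emission, normalize."""
    predicted = predict_next(belief)
    unnorm = {s: predicted[s] * EMIT[s][alert] for s in STAGES}
    z = sum(unnorm.values())
    return {s: v / z for s, v in unnorm.items()}


def reorder_stream(arrivals, max_lateness):
    """Release alerts in timestamp order using a bounded-lateness watermark.

    An alert is released once the newest timestamp seen is at least
    max_lateness ahead of it; anything later than that bound is still
    emitted at the end, but may already have been overtaken.
    """
    heap, newest = [], None
    for ts, sensor, alert in arrivals:
        heapq.heappush(heap, (ts, sensor, alert))
        newest = ts if newest is None else max(newest, ts)
        while heap and heap[0][0] + max_lateness <= newest:
            yield heapq.heappop(heap)
    while heap:
        yield heapq.heappop(heap)


def track_attack(arrivals, max_lateness=2.0, reorder=True):
    """Run the HMM over the stream; return final belief and per-alert history.

    history entries: (timestamp, alert, most likely current stage,
                      most likely next stage).
    """
    stream = reorder_stream(arrivals, max_lateness) if reorder else iter(arrivals)
    belief, history = dict(INIT), []
    for ts, _sensor, alert in stream:
        belief = forward_step(belief, alert)
        nxt = predict_next(belief)
        history.append((ts, alert, max(belief, key=belief.get), max(nxt, key=nxt.get)))
    return belief, history


def stage_monotone(stages):
    """True if the inferred stage never regresses to an earlier kill-chain step."""
    idx = [STAGES.index(s) for s in stages]
    return all(a <= b for a, b in zip(idx, idx[1:]))


if __name__ == "__main__":
    for ts, alert, cur, nxt in track_attack(ARRIVALS)[1]:
        print(f"t={ts:4.1f} {alert:15s} stage={cur:9s} predicted next={nxt}")
```

With reordering, the inferred stage sequence advances recon, exploit, escalate, exfil in step with the alerts; run on the raw arrival order instead (`reorder=False`), the early `suid_exec` pushes the belief to escalate and the late `web_exploit` then drags it back to exploit, which is the kind of spurious regression a stream-management step is there to prevent. The watermark bound is a trade-off: too small and late alerts are still processed out of order, too large and the detector's response is delayed by that much.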
Submitted 20 November, 2022; v1 submitted 22 November, 2021;
originally announced November 2021.
-
VASSL: A Visual Analytics Toolkit for Social Spambot Labeling
Authors:
Mosab Khayat,
Morteza Karimzadeh,
Jieqiong Zhao,
David S. Ebert
Abstract:
Social media platforms such as Twitter are filled with social spambots. Detecting these malicious accounts is essential, yet challenging, as they continually evolve and evade traditional detection techniques. In this work, we propose VASSL, a visual analytics system that assists in the process of detecting and labeling spambots. Our tool enhances the performance and scalability of manual labeling by providing multiple connected views and utilizing dimensionality reduction, sentiment analysis and topic modeling techniques, which offer new insights that enable the identification of spambots. The system allows users to select and analyze groups of accounts in an interactive manner, which enables the detection of spambots that may not be identified when examined individually. We conducted a user study to objectively evaluate the performance of VASSL users, as well as capturing subjective opinions about the usefulness and the ease of use of the tool.
Submitted 7 October, 2019; v1 submitted 31 July, 2019;
originally announced July 2019.
-
The Validity, Generalizability and Feasibility of Summative Evaluation Methods in Visual Analytics
Authors:
Mosab Khayat,
Morteza Karimzadeh,
David S. Ebert,
Arif Ghafoor
Abstract:
Many evaluation methods have been used to assess the usefulness of Visual Analytics (VA) solutions. These methods stem from a variety of origins with different assumptions and goals, which cause confusion about their proofing capabilities. Moreover, the lack of discussion about the evaluation processes may limit our potential to develop new evaluation methods specialized for VA. In this paper, we present an analysis of evaluation methods that have been used to summatively evaluate VA solutions. We provide a survey and taxonomy of the evaluation methods that have appeared in the VAST literature in the past two years. We then analyze these methods in terms of validity and generalizability of their findings, as well as the feasibility of using them. We propose a new metric called summative quality to compare evaluation methods according to their ability to prove usefulness, and make recommendations for selecting evaluation methods based on their summative quality in the VA domain.
Submitted 7 October, 2019; v1 submitted 31 July, 2019;
originally announced July 2019.
-
A Process-driven View on Summative Evaluation of Visual Analytics Solutions
Authors:
Mosab Khayat,
Arif Ghafoor
Abstract:
Many evaluation methods have been applied to assess the usefulness of visual analytics solutions. These methods stem from a variety of origins with different assumptions and goals. We provide a high-level overview of the process employed in each method using the generic evaluation model "GEM", which generalizes the process of usefulness evaluation. The model treats evaluation methods as processes that generate evidence of usefulness as output. Our model serves three purposes: it educates new VA practitioners about the heterogeneous evaluation practices in the field, it highlights potential risks in the evaluation process that reduce its validity, and it provides a guideline for selecting a suitable evaluation method.
Submitted 31 October, 2018;
originally announced November 2018.