Visualisation of Cyber Security Data With Data Mining to Facilitate More Accurate and Relevant Analysis (CU MSc Dissertation)

Abstract

With increasing of cyber security data size new automatize and manual analysing methods are being developed. Cyber security visualization tools are relatively new and effective approach in manual analysing methods. On the other hand data mining based security tools are effective approach in automatize analysing methods with lack of human interaction.

In this report a hybrid approach involves information visualization and data mining is suggested and a software is developed to evaluate how useful this approach is. A clustering algorithm named DBSCAN is preferred and different colours are used to encode different clusters on a scatter plot.

First remarkable thing in this project is that seven different attributes of an IP packet are visualized in a scatter plot in a software. Each unique source IP and destination IP pair is directly mapped to system. Number of unique destination port of the each IP pair is encoded with size attribute. And length, windows size, sequence NO and TTL values used in data mining process and reflected to display with colour attribute.

Second point is that a data mining algorithm is used to assist security analysers. Data mining algorithms in cyber security is used in many projects. But they do everything automatically which is reducing reliability of these systems. But in this project data mining is used only as an advice tool which is also appropriate for information visualization theory.