Efficient visualization of security events in a large agent society


The paper describes the design and development of an efficient visualization tool, called the security console, for monitoring security-related events in a large agent society (Cougaar™). This administrative tool is primarily used to collect and process alert messages generated by various sensors across the distributed agent society. The tool exploits the agents' hierarchical structure to aggregate security events and discover correlations among them. In particular, it logically groups related alerts from raw messages (removing duplicates, if any) and applies data mining techniques (such as association rules and frequency episode learning) to discover situations that have certain characteristics in common. We performed extensive experimentation with the security console in various attack scenarios that generate a large number of alert messages. The reported results show that this alert monitoring and correlation tool can provide a profile of the attack patterns that occur more frequently in the monitored agent society.

Publication Title

Proceedings of SPIE - The International Society for Optical Engineering