Graph Reduction

When audit trails are displayed graphically, they can take the form of inter-related nodes, edges, and (sub)graphs. Such is the case with the depictions generated by the Visual Audit Browser Frame Generator and Movie Maker.

It is often useful to take a low-level graph and convert it into a less complicated, higher-level graph. For example, one might want to reduce the several nodes and edges that make up a login down to a couple of nodes and edges. Some possible applications of these types of graph reductions are:

o attack signature analysis
o anomaly detection
o misuse detection
o audit log summaries
o intrusion detection system construction
o intrusion detection systems

Jim was developing the Notation for Attribute Graphs (NAG) as a facility by which to make these reductions. Some notes on NAG are available.

See this example of a graph reduction.
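
A small sketch of the login reduction described above, added here as an illustration; it is not NAG and not code from the Visual Audit Browser tools. The node names, the `activity` attribute used to mark which nodes belong to the login, and the `reduce_graph` function are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed low-level audit graph for one login; all names are illustrative.
NODES = {
    "tty1":   {"kind": "terminal"},
    "login":  {"kind": "process", "activity": "login"},
    "passwd": {"kind": "file",    "activity": "login"},
    "setuid": {"kind": "syscall", "activity": "login"},
    "shell":  {"kind": "process"},
    "report": {"kind": "file"},
}
EDGES = [
    ("tty1", "login", "spawn"),
    ("login", "passwd", "read"),
    ("login", "setuid", "call"),
    ("setuid", "shell", "exec"),
    ("shell", "report", "write"),
]

def reduce_graph(nodes, edges, key="activity"):
    """Collapse all nodes sharing the same nodes[n][key] into one summary node."""
    rep, members = {}, defaultdict(list)   # rep: low-level id -> reduced id
    for nid, attrs in nodes.items():
        rep[nid] = attrs[key].upper() if key in attrs else nid
        if key in attrs:
            members[rep[nid]].append(nid)
    out_nodes = {n: dict(a) for n, a in nodes.items() if key not in a}
    for summary, ids in members.items():
        if summary in out_nodes:
            raise ValueError(f"summary id {summary!r} collides with a node")
        out_nodes[summary] = {"kind": "summary", "members": sorted(ids),
                              "hidden_edges": 0}
    out_edges = []
    for src, dst, label in edges:
        s, d = rep[src], rep[dst]
        if s == d and s in members:
            # Edge lies entirely inside one summary node: count it, do not draw it.
            out_nodes[s]["hidden_edges"] += 1
            continue
        if (s, d, label) not in out_edges:   # rewired edges may coincide
            out_edges.append((s, d, label))
    return out_nodes, out_edges

if __name__ == "__main__":
    high_nodes, high_edges = reduce_graph(NODES, EDGES)
    for edge in high_edges:
        print(edge)
```

The six-node, five-edge login graph reduces to four nodes and three edges, with the summary node recording which low-level nodes it stands for so an analyst can expand it again.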


Last revised 12-Oct-94 by Jim Hoagland