Using Time Series 3D AlertGraph and False Alert Classification to Analyse Snort Alerts

Authors:
Shahrulniza Musa;David J. Parish
Affiliations:
Malaysian Institute of Information Technology, University Kuala Lumpur, Kuala Lumpur 50250;Electronic and Electrical Eng. Dept., Loughborough University, Loughborough, U.K LE11 3TU
Venue:
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Year:
2008

Citing 12
Cited 2

Usability inspection methods

CHI '94 Conference Companion on Human Factors in Computing Systems
The Eyes Have It: A Task by Data Type Taxonomy for Information Visualizations

VL '96 Proceedings of the 1996 IEEE Symposium on Visual Languages
NVisionIP: netflow visualizations of system state for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Combining a bayesian classifier with visualisation: understanding the IDS

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Statistical profiling and visualization for detection of malicious insider attacks on computer networks

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
SnortView: visualization system of snort logs

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
The Design of VisFlowConnect-IP: A Link Analysis System for IP Security Situational Awareness

IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
IDGraphs: Intrusion Detection and Analysis Using Histographs

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
IDS RainStorm: Visualizing IDS Alarms

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Time series modeling for IDS alert management

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Visualising Communication Network Security Attacks

IV '07 Proceedings of the 11th International Conference Information Visualization
A study of cross-validation and bootstrap for accuracy estimation and model selection

IJCAI'95 Proceedings of the 14th international joint conference on Artificial intelligence - Volume 2

IDS alert visualization and monitoring through heuristic host selection

ICICS'10 Proceedings of the 12th international conference on Information and communications security
A real-time visualization framework for IDS alerts

Proceedings of the 5th International Symposium on Visual Information Communication and Interaction

Quantified Score

Hi-index	0.00

Visualization

Abstract

A top-level overview of Snort alerts using 3D visual and alert classification is discussed. This paper describes the top-level view (time series 3D AlertGraph) with the integration of alert classification to visualise Snort alerts. The advantages of using this view are (1) It summarised the alerts into different colours to indicate the quantity of alerts from (SRCIP, DPORT) pairs; (2) It used alert classification to highlight the true alerts; (3) Through interaction tools, the alerts can be highlighted according to the source IP, destination IP or destination port;. (4) A large numbers of alerts can be viewed in a single display and (5) A temporal characteristic of attacks can be discovered.