Alerts visualization and clustering in network-based intrusion detection

Authors:
Swetha Dasireddy;Wade Gasior;Xiaohui Cui;Li Yang
Affiliations:
University of TN at Chattanooga, Chattanooga, TN;University of TN at Chattanooga, Chattanooga, TN;Oak Ridge National Laboratory, Oak Ridge, TN;University of TN at Chattanooga, Chattanooga, TN
Venue:
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Year:
2010

Citing 12
Cited 0

Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility

ACM SIGKDD Explorations Newsletter
Clustering intrusion detection alarms to support root cause analysis

ACM Transactions on Information and System Security (TISSEC)
SnortView: visualization system of snort logs

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Introduction to Data Mining, (First Edition)

Introduction to Data Mining, (First Edition)
Understanding multistage attacks by attack-track based visualization of heterogeneous event streams

Proceedings of the 3rd international workshop on Visualization for computer security
An intelligent, interactive tool for exploration and visualization of time-oriented security data

Proceedings of the 3rd international workshop on Visualization for computer security
Tool update: high alarm count issues in IDS rainstorm

Proceedings of the 3rd international workshop on Visualization for computer security
Visualizations to improve reactivity towards security incidents inside corporate networks

Proceedings of the 3rd international workshop on Visualization for computer security
RAAS: a reliable analyzer and archiver for snort intrusion detection system

Proceedings of the 2007 ACM symposium on Applied computing
Learning program behavior profiles for intrusion detection

ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations

Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Today's Intrusion detection systems when deployed on a busy network overload the network with huge number of alerts. This behavior of producing too much raw information makes network based intrusion detection systems less effective. We propose a system which groups and analyzes the alerts generated by Snort to visualize possible intrusions in a network. Our Visualization model contains two components. Our first component gives the network administrator with the logical topology of the network and detailed information of each node that involves its associated alerts and connections. The second visualization component, flocking model, presents the network administrator with the visual representation of IDS data in which each alert is represented in different color and the alerts with maximum similarity move together. This gives network administrator with the idea of detecting various of intrusions through visualizing the alert patterns.