Temporal sequence learning and data reduction for anomaly detection
ACM Transactions on Information and System Security (TISSEC)
Applying data mining to intrusion detection: the quest for automation, efficiency, and credibility
ACM SIGKDD Explorations Newsletter
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
SnortView: visualization system of snort logs
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Introduction to Data Mining, (First Edition)
Introduction to Data Mining, (First Edition)
Understanding multistage attacks by attack-track based visualization of heterogeneous event streams
Proceedings of the 3rd international workshop on Visualization for computer security
An intelligent, interactive tool for exploration and visualization of time-oriented security data
Proceedings of the 3rd international workshop on Visualization for computer security
Tool update: high alarm count issues in IDS rainstorm
Proceedings of the 3rd international workshop on Visualization for computer security
Visualizations to improve reactivity towards security incidents inside corporate networks
Proceedings of the 3rd international workshop on Visualization for computer security
RAAS: a reliable analyzer and archiver for snort intrusion detection system
Proceedings of the 2007 ACM symposium on Applied computing
Learning program behavior profiles for intrusion detection
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
Hi-index | 0.00 |
Today's Intrusion detection systems when deployed on a busy network overload the network with huge number of alerts. This behavior of producing too much raw information makes network based intrusion detection systems less effective. We propose a system which groups and analyzes the alerts generated by Snort to visualize possible intrusions in a network. Our Visualization model contains two components. Our first component gives the network administrator with the logical topology of the network and detailed information of each node that involves its associated alerts and connections. The second visualization component, flocking model, presents the network administrator with the visual representation of IDS data in which each alert is represented in different color and the alerts with maximum similarity move together. This gives network administrator with the idea of detecting various of intrusions through visualizing the alert patterns.