Traversing multiple pages of log entries, trying to detect malicious and anomalous behavior, and correlating events to address multiple use cases is a nontrivial task for a security administrator. It requires resources, expert knowledge and time. In this paper, we present a novel security visualization system called Avisa. It emphasizes two fundamental aspects of information visualization, namely interaction and animation, and combines them with intrusion detection audit traces. Visual constraints inspired the use of heuristic metrics to select and display hosts with irregular and variant behaviors. We thoroughly describe the ideas behind the heuristic metrics and perform an empirical analysis to evaluate each metric's functionality individually. Avisa's intuitive interface, accompanied by the power of the heuristic functions, allows the perception of patterns and emergent properties, which facilitates understanding of the underlying data.