IDS alert visualization and monitoring through heuristic host selection

Authors:
Hadi Shiravi;Ali Shiravi;Ali A. Ghorbani
Affiliations:
Information Security Centre of Excellence, University of New Brunswick, Canada;Information Security Centre of Excellence, University of New Brunswick, Canada;Information Security Centre of Excellence, University of New Brunswick, Canada
Venue:
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Year:
2010

Citing 12
Cited 2

Aggregation and Correlation of Intrusion-Detection Alerts

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Network Intrusion Visualization with NIVA, an Intrusion Detection Visual Analyzer with Haptic Integration

HAPTICS '02 Proceedings of the 10th Symposium on Haptic Interfaces for Virtual Environment and Teleoperator Systems
Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Information Visualization: Perception for Design

Information Visualization: Perception for Design
SnortView: visualization system of snort logs

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A Comprehensive Approach to Intrusion Detection Alert Correlation

IEEE Transactions on Dependable and Secure Computing
Visualizing Cyber Attacks using IP Matrix

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
IDS RainStorm: Visualizing IDS Alarms

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Applied Security Visualization

Applied Security Visualization
Using Time Series 3D AlertGraph and False Alert Classification to Analyse Snort Alerts

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
A Survey of Radial Methods for Information Visualization

IEEE Transactions on Visualization and Computer Graphics
M2D2: a formal data model for IDS alert correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Situational assessment of intrusion alerts: a multi attack scenario evaluation

ICICS'11 Proceedings of the 13th international conference on Information and communications security
A real-time visualization framework for IDS alerts

Proceedings of the 5th International Symposium on Visual Information Communication and Interaction

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traversing through multiple pages of log entries, trying to detect malicious and anomalous behavior and being able to correlate events to address multiple use cases is a non trivial task for a security administrator. It requires resources, expert knowledge and time. In this paper, we present a novel security visualization system entitled Avisa. It accentuates fundamental matters of information visualization, namely interaction and animation and synthesizes it with intrusion detection audit traces. Visual constraints inspired the use of heuristic metrics to select and display hosts with irregular and variant behaviors. We thoroughly describe the ideas behind the heuristic metrics and perform an empirical analysis to individually evaluate each metric's functionality. Avisa's intuitive interface, accompanied by the power of the heuristic functions, allows the perception of patterns and emergent properties, facilitating in understanding the underlying data.