In this research study, we focus on intrusion alerts and the burden that analyzing numerous security events places on network administrators. We present Avisa2, a network security visualization system that can assist in the comprehension of IDS alerts and the detection of abnormal activity patterns. The quantity of security events triggered by modern-day intrusion systems, accompanied by the level of complexity and lack of correlation between events, limits the human cognitive process in identifying anomalous behavior. This shortcoming induces the need for an automated process that would project critical situations and prioritize network hosts encountering peculiar behaviors. At the heart of Avisa2 lies a collection of heuristic functions that are utilized to score, rank, and prioritize internal hosts of the monitored network. We believe this contribution elevates the practicality of Avisa2 in identifying critical situations and renders it far superior to traditional security systems that solely focus on visualization. The effectiveness of Avisa2 is evaluated on two multi-stage attack scenarios, each intentionally focused on a particular attack type, network service, and network range. Avisa2 proved effective and accurate in prioritizing hosts under attack or hosts from which attacks were performed.