A real-time visualization framework for IDS alerts

Authors:
Ying Zhao;Fangfang Zhou;Xiaoping Fan
Affiliations:
Central South University, Changsha Hunan;Central South University, Changsha Hunan;Central South University, Changsha Hunan
Venue:
Proceedings of the 5th International Symposium on Visual Information Communication and Interaction
Year:
2012

Citing 12
Cited 1

Network Intrusion Visualization with NIVA, an Intrusion Detection Visual Analyzer with Haptic Integration

HAPTICS '02 Proceedings of the 10th Symposium on Haptic Interfaces for Virtual Environment and Teleoperator Systems
VisFlowConnect: netflow visualizations of link relationships for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
SnortView: visualization system of snort logs

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
IDS RainStorm: Visualizing IDS Alarms

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Visual Correlation of Network Alerts

IEEE Computer Graphics and Applications
Applied Security Visualization

Applied Security Visualization
Using Time Series 3D AlertGraph and False Alert Classification to Analyse Snort Alerts

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Internet traffic behavior profiling for network security monitoring

IEEE/ACM Transactions on Networking (TON)
SpiralView: Towards Security Policies Assessment through Visual Correlation of Network Resources with Evolution of Alarms

VAST '07 Proceedings of the 2007 IEEE Symposium on Visual Analytics Science and Technology
A Survey of Radial Methods for Information Visualization

IEEE Transactions on Visualization and Computer Graphics
IDS alert visualization and monitoring through heuristic host selection

ICICS'10 Proceedings of the 12th international conference on Information and communications security
A Survey of Visualization Systems for Network Security

IEEE Transactions on Visualization and Computer Graphics

Visualizing PHPIDS log files for better understanding of web server attacks

Proceedings of the Tenth Workshop on Visualization for Cyber Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activities. Unfortunately, IDS often generates both too much raw information and a large number of false positive alerts. Information visualization research has been performed to help users discover and analyze information through visual exploration efficiently. Even with the aid of visualization, identifying the attack patterns and recognizing the false positives from a great number of alerts are still challenges. In this paper, we present a novel visualization framework for IDS alerts that can monitor the network and perceive the overall view of the security situation using radial graph in real-time. The framework utilizes five categories of entropy functions to quantitatively analyze the irregular behavioral patterns, and synthesizes interactions, filtering and drill-down to detect the potential intrusions. In conclusion, we describe how this framework was used to analyze the mini-challenges of the 2011 and 2012 VAST challenge.