Visualizing PHPIDS log files for better understanding of web server attacks

Authors:
Mansour Alsaleh;Abdullah Alqahtani;Abdulrahman Alarifi;AbdulMalik Al-Salman
Affiliations:
King Abdulaziz City for Science and Technology, Riyadh, KSA;King Saud University, Riyadh, KSA;King Abdulaziz City for Science and Technology, Riyadh, KSA;King Saud University, Riyadh, KSA
Venue:
Proceedings of the Tenth Workshop on Visualization for Cyber Security
Year:
2013

Citing 17
Cited 0

Network Intrusion Visualization with NIVA, an Intrusion Detection Visual Analyzer with Haptic Integration

HAPTICS '02 Proceedings of the 10th Symposium on Haptic Interfaces for Virtual Environment and Teleoperator Systems
Graphical Encoding for Information Visualization: An Empirical Study

INFOVIS '02 Proceedings of the IEEE Symposium on Information Visualization (InfoVis'02)
NVisionIP: netflow visualizations of system state for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Statistical profiling and visualization for detection of malicious insider attacks on computer networks

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
SnortView: visualization system of snort logs

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Analyzing perceptual organization in information graphics

Information Visualization - Special issue of selected and extended InfoVis 03 papers
prefuse: a toolkit for interactive information visualization

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Exploring Three-dimensional Visualization for Intrusion Detection

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Designing Visualization Capabilities for IDS Challenges

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Visual Firewall: Real-time Network Security Monito

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Security Data Visualization

Security Data Visualization
Applied Security Visualization

Applied Security Visualization
Web Application Intrusion Detection System for Input Validation Attack

ICCIT '08 Proceedings of the 2008 Third International Conference on Convergence and Hybrid Information Technology - Volume 02
Measuring effective data visualization

ISVC'07 Proceedings of the 3rd international conference on Advances in visual computing - Volume Part II
XTRec: Secure Real-Time Execution Trace Recording on Commodity Platforms

HICSS '11 Proceedings of the 2011 44th Hawaii International Conference on System Sciences
A Survey of Visualization Systems for Network Security

IEEE Transactions on Visualization and Computer Graphics
A real-time visualization framework for IDS alerts

Proceedings of the 5th International Symposium on Visual Information Communication and Interaction

Quantified Score

Hi-index	0.00

Visualization

Abstract

The prevalence and severity of application-layer vulnerabilities increase dramatically their corresponding attacks. In this paper, we present an extension to PHPIDS, an open source intrusion detection and prevention system for PHP-based web applications, to visualize its security log. The proposed extension analyzes PHPIDS logs, correlates these logs with the corresponding web server logs, and plots the security-related events. We use a set of tightly coupled visual representations of HTTP server requests containing known and suspicious malicious content, to provide system administrators and security analysts with fine-grained visual-based querying capabilities. We present multiple case studies to demonstrate the ability of our PHPIDS visualization extension to support security analysts with analytic reasoning and decision making in response to ongoing web server attacks. Experimenting the proposed PHPIDS visualization extension on real-world datasets shows promise for providing complementary information for effective situational awareness.