False detection is a major issue in deploying and maintaining Network-based Intrusion Detection Systems (NIDS). The traditional recommendation is to customize the NIDS signature database (DB) to reduce false detections. However, customizing the signature DB appropriately requires deep knowledge and skill, and inappropriate customization increases false negatives as well as false positives. In this paper, we propose a visualization system for NIDS logs, named SnortView, which helps administrators analyze NIDS alerts much faster and more easily. Instead of customizing the signature DB, we propose using visualization to recognize not only each alert but also false detections. The system is based on a 2-D time diagram in which alerts are shown as icons with different styles and colors. In addition, the system introduces visualization techniques such as overlaid statistical information and a source-destination matrix. The system was used to detect real attacks while recognizing some false detections.