The massive amount of alarm data generated from intrusion detection systems is cumbersome for network system administrators to analyze. Often, important details are overlooked and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview where system administrators can get a general sense of network activity and easily detect anomalies. They then have the option of zooming and drilling down for details. The information is presented with local network IP (Internet Protocol) addresses plotted over multiple y-axes to represent the location of alarms. Time on the x-axis is used to show the pattern of the alarms, and variations in color encode the severity and number of alarms. Based on our system administrator requirements study, this graphical layout addresses what system administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that effectively uses operational alarm log data generated on the Georgia Tech campus network. The motivation and background of our design are presented along with examples that illustrate its usefulness.