Hierarchical Data Visualization Using a Fast Rectangle-Packing Algorithm
IEEE Transactions on Visualization and Computer Graphics
MAIDS: mining alarming incidents from data streams
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Detecting Flaws and Intruders with Visual Data Analysis
IEEE Computer Graphics and Applications
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Home-centric visualization of network traffic for security administration
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Combining a bayesian classifier with visualisation: understanding the IDS
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
SnortView: visualization system of snort logs
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
LISA '02 Proceedings of the 16th USENIX conference on System administration
APVis '06 Proceedings of the 2006 Asia-Pacific Symposium on Information Visualisation - Volume 60
Intrusion and misuse detection in large-scale systems
IEEE Computer Graphics and Applications
IEEE Transactions on Visualization and Computer Graphics
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
Proceedings of the International Conference on Advanced Visual Interfaces
Proposing a multi-touch interface for intrusion detection environments
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
A survey of security visualization for computer network logs
Security and Communication Networks
DAEDALUS-VIZ: novel real-time 3D visualization for darknet monitoring-based alert system
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
idMAS-SQL: Intrusion Detection Based on MAS to Detect and Block SQL injection through data mining
Information Sciences: an International Journal
| Hi-index | 0.00 |
This article presents a visualization technique for log files of intrusion detection systems (IDSs), especially for a large-scale computer network connecting to thousands of computers. The technique first constructs hierarchical data of computers according to their IP addresses. It then visualizes the hierarchical data as bars and nested rectangles in a 2D display space, where bars denote computers and rectangles denote groups of computers. The technique represents the statistics of incidents for thousands of computers in one display space by mapping the number of incidents as bar heights. The technique attempts to minimize the display space; therefore, it enables the computers to be represented as clickable metaphors so that each computer's user interface presents its detail on demand. Also, the technique can help a user understand the relationship between a distribution of incidents and the organization of real society, because IP addresses are usually assigned according to the physical and organizational layouts of real society. The article introduces interesting behavior that the presented technique visualizes, including malicious accesses on real large-scale computer networks as discovered from over sixty thousands lines of a real IDS log file.