Tool update: high alarm count issues in IDS rainstorm
We developed a tool to help network administrators deal with the large number of alarms generated by network security appliances. It uses screen space efficiently, representing a large number of IP addresses along with a time sequence, so that general alarm activity for a network can be visualized along with details, if desired. The tool was useful but encountered problems when there was a significant increase in the number of alarms. This paper addresses the resulting issues along with methods to ease them.