Tool update: high alarm count issues in IDS rainstorm

We developed a tool to help network administrators deal with the large number of alarms generated by network security appliances. It uses screen space efficiently, representing a large number of IP addresses along with a time sequence, so that general alarm activity for a network can be visualized along with details, if desired. The tool was useful but encountered problems when the number of alarms increased significantly. This paper addresses the resulting issues along with methods to ease them.
