MULTI-NODE MONITORING AND INTRUSION DETECTION

Monitoring systems connected to the Internet is critical for maintaining security and privacy. The threat of hackers, terrorism, and internal misuse is a major concern for any organization. In this paper, we extend our visual monitoring environment to support multiple monitored systems and provide an effective layout of the nodes (hosts) for the analysis of the networked environment. We discuss the analysis and correlation strategies needed in such a multi-host environment in order to identify unusual activity. The effectiveness of the correlation and analysis activities is directly related to the node organization. We show that the node layout we have developed leads to a very effective organization, in that line intersections and line orientations are designed to be informative and indicative of unusual activity. Because line intersections and line orientations are discerned pre-attentively [1], they act as effective visual attractors, and this makes for a very effective monitoring environment. Since our goal is to provide an additional tool for system administrators, for whom monitoring is not their sole task, the ready discrimination and identification of activity needing attention is crucial.

[1] Robert F. Erbacher, et al. Visual Behavior Characterization for Intrusion Detection in Large Scale Systems, 2001, VIIP.

[2] Marti A. Hearst, et al. Animated exploration of dynamic graphs with radial layout, 2001, IEEE Symposium on Information Visualization (INFOVIS 2001).

[3] Deborah A. Frincke, et al. Intrusion and Misuse Detection in Large-Scale Systems, 2002, IEEE Computer Graphics and Applications.

[4] Eugene H. Spafford, et al. Writing, supporting, and evaluating tripwire: a publically available security tool, 1994.

[5] Jock D. Mackinlay, et al. Cone Trees: animated 3D visualizations of hierarchical information, 1991, CHI.

[6] Arne Frick, et al. Fast Interactive 3-D Graph Visualization, 1995, GD.

[7] Edward R. Tufte, et al. Envisioning Information, 1990.

[8] Deborah A. Frincke, et al. Visualization in detection of intrusions and misuse in large scale networks, 2000, IEEE Conference on Information Visualization: An International Conference on Computer Visualization and Graphics.