A Novel Radial Visualization of Intrusion Detection Alerts

Intrusion detection systems (IDSs) generally produce an overwhelming number of alerts, many of which are false positives. Manually traversing text-based alert logs to find real threats is cumbersome for network administrators. In this work, we present a novel radial visualization of IDS alerts, IDSPlanet, which helps administrators identify false positives, analyze attack patterns, and understand evolving network situations. Using a planet's geology as the design metaphor, IDSPlanet is composed of chrono rings, alert continents, and an interactive core. These components encode, respectively, the temporal features of alert types, the behavior patterns of affected hosts, and the correlations among alert types, attackers, and targets. Together they provide an informative picture of a network's status. IDSPlanet offers several interactions and monitoring modes that allow users both to investigate individual alerts in detail and to explore overall patterns. Two case studies and two interviews were conducted to demonstrate the usability and effectiveness of our visualization design.
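The abstract names three data views that the visualization encodes: per-alert-type activity over time (chrono rings), the alert mix seen by each affected host (alert continents), and the co-occurrence of alert type, attacker and target (the core). The following added example, which is not the paper's code and does not reproduce IDSPlanet's rendering, builds those three aggregates from a handful of constructed Snort fast-format alert lines, then applies a simple heuristic of my own (not a criterion taken from the paper) to surface alert types that fire at a steady background rate in every time bin, the kind of signature an analyst would review first as a likely false positive. The year (2024) and the 10-minute bin width are assumptions, since the fast format carries no year.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample alerts in Snort "fast" alert format (not data from the paper).
# One signature (ICMP PING) fires every 10 minutes; one host is hit by a short
# burst of web-attack alerts preceded by a scan from the same source.
SAMPLE_LOG = """\
05/01-00:00:05.000000 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
05/01-00:10:05.000000 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
05/01-00:11:00.000000 [**] [1:1000002:1] SCAN nmap fingerprint attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51000 -> 192.168.1.10:22
05/01-00:11:01.000000 [**] [1:1000002:1] SCAN nmap fingerprint attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51001 -> 192.168.1.20:80
05/01-00:12:30.000000 [**] [1:1000001:1] WEB-ATTACKS sqlmap user-agent [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:44112 -> 192.168.1.20:80
05/01-00:13:02.000000 [**] [1:1000001:1] WEB-ATTACKS sqlmap user-agent [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:44113 -> 192.168.1.20:80
05/01-00:13:40.000000 [**] [1:1000001:1] WEB-ATTACKS sqlmap user-agent [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:44114 -> 192.168.1.20:80
05/01-00:20:05.000000 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
05/01-00:30:05.000000 [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
"""

# Snort fast format: MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {proto} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"^(?P<mon>\d{2})/(?P<day>\d{2})-(?P<time>\d{2}:\d{2}:\d{2})\.\d+ \[\*\*\] "
    r"\[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\] .*?\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)


def parse_alert(line, year=2024):
    """Parse one fast-format line into a dict; the year is an assumption (format has none)."""
    m = FAST_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['mon']}/{m['day']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    return {"ts": ts, "msg": m["msg"], "src": m["src"], "dst": m["dst"]}


def parse_log(text, year=2024):
    parsed = (parse_alert(line, year) for line in text.splitlines() if line.strip())
    return [a for a in parsed if a is not None]


def chrono_rings(alerts, bin_seconds=600):
    """Chrono rings: for each alert type, a count per fixed-width time bin
    measured from the earliest alert (the temporal feature of that type)."""
    if not alerts:
        return {}
    t0 = min(a["ts"] for a in alerts)
    span = (max(a["ts"] for a in alerts) - t0).total_seconds()
    n_bins = int(span // bin_seconds) + 1
    rings = defaultdict(lambda: [0] * n_bins)
    for a in alerts:
        b = int((a["ts"] - t0).total_seconds() // bin_seconds)
        rings[a["msg"]][b] += 1
    return dict(rings)


def alert_continents(alerts):
    """Alert continents: the mix of alert types each affected (target) host receives."""
    continents = defaultdict(Counter)
    for a in alerts:
        continents[a["dst"]][a["msg"]] += 1
    return dict(continents)


def core_correlations(alerts):
    """Interactive core: how often each (alert type, attacker, target) triple co-occurs."""
    return Counter((a["msg"], a["src"], a["dst"]) for a in alerts)


def steady_background_types(rings, max_ratio=2.0):
    """Heuristic (my assumption, not the paper's criterion): an alert type present in
    every bin at a near-constant rate looks like periodic background noise and is a
    candidate false positive for review; a burst confined to one bin is not flagged."""
    flagged = [msg for msg, counts in rings.items()
               if min(counts) > 0 and max(counts) / min(counts) <= max_ratio]
    return sorted(flagged)


if __name__ == "__main__":
    alerts = parse_log(SAMPLE_LOG)
    rings = chrono_rings(alerts)
    for msg, counts in rings.items():
        print(f"ring  {msg!r}: {counts}")
    for host, mix in alert_continents(alerts).items():
        print(f"continent {host}: {dict(mix)}")
    for (msg, src, dst), n in core_correlations(alerts).most_common():
        print(f"core  {src} -> {dst} {msg!r}: {n}")
    print("steady background candidates:", steady_background_types(rings))
```

Run it as a script to see the three aggregates printed; the burst of sqlmap alerts against 192.168.1.20 stays concentrated in a single ring bin and in one core triple, while the periodic ICMP signature is the only type the heuristic flags for false-positive review.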
