Title: Alerts Analysis and Visualization in Network-based Intrusion Detection Systems
Abstract
The alerts produced by network-based intrusion detection systems, e.g. Snort, can be difficult for network administrators to review and respond to efficiently because of the enormous number of alerts generated in a short time frame. This work describes how visualizing raw IDS alert data helps network administrators understand the current state of a network and speeds up the process of reviewing and responding to intrusion attempts. The project presented in this work consists of three primary components. The first component provides a visual mapping of the network topology that allows the end user to browse clustered alerts easily. The second component mimics the flocking behavior of birds, in which birds tend to follow other birds with similar behavior; it lets the end user watch the clustering process and provides an efficient means of reviewing alert data. The third component discovers and visualizes patterns of multistage attacks by profiling the attacker's behavior.
Year: 2010
DOI: 10.1109/SocialCom.2010.120
Venue: SocialCom/PASSAT
Keywords: clustering process, intrusion attempt, alert data, network-based intrusion detection system, primary component, network administrator, network-based intrusion detection systems, network topology, enormous number, alerts analysis, efficient mean, current state, intrusion detection system, association rules, data visualization, visualization, flocking behavior, flocking, data visualisation, clustering, intrusion detection
Field: Data mining, Data visualization, Computer science, Visualization, Flocking (behavior), Network topology, Association rule learning, Network administrator, Cluster analysis, Intrusion detection system
DocType: Conference
Citations: 4
PageRank: 0.39
References: 11
Authors: 4
Name | Order | Citations and PageRank
Li Yang | 1 | 3815.40
Wade Gasior | 2 | 303.27
Rajeshwar Katipally | 3 | 171.31
Xiaohui Cui | 4 | 37444.64