IDS RainStorm: Visualizing IDS Alarms

The massive amount of alarm data generated from intrusion detection systems is cumbersome for network system administrators to analyze. Often, important details are overlooked and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview where system administrators can get a general sense of network activity and easily detect anomalies. They then have the option of zooming and drilling down for details. The information is presented with local network IP (Internet Protocol) addresses plotted over multiple y-axes to represent the location of alarms. Time on the x-axis is used to show the pattern of the alarms and variations in color encode the severity and amount of alarms. Based on our system administrator requirements study, this graphical layout addresses what system administrat...
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Authors Kulsoom Abdullah, Christopher P. Lee, Gregory J. Conti, John A. Copeland, John T. Stasko