Intrusion Detection System Visualization of Network Alerts

Abstract

The United States Department of Defense depends increasingly on network-based resources for information processing and data storage, while network-based attacks continue to increase. The size and complexity of networks grow continuously, and security analysts face mounting challenges in securing and monitoring their infrastructure for attacks. The number of network events and alerts that analysts must evaluate is increasing at an exponential rate. "This task is generally aided by an Intrusion Detection System (IDS), which attempts to automatically identify successful and unsuccessful attacks or abuse of computer systems". As useful as an automated IDS is, it remains only a starting point: security analysts must still consult supplemental data sources to determine the accuracy and severity of an alert. Commonly, this entails collecting and identifying the "relevant details of network traffic related to the event being investigated". The traditional process of viewing and evaluating alerts as page after page of text and numbers can be improved upon. A visual representation of network alerts may bring to light anomalies and intrusions that are overlooked in a traditional data view, and false positives and unimportant network data may be filtered out by eye when alerts are shown on a visual display.
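The abstract argues that a visual layout of alerts lets an analyst spot a scanning source or a noisy rule far faster than paging through text. As an added illustration (not code from the report or its authors), the following Python script parses alert lines in the Snort "fast" text format, aggregates them into a source-by-signature matrix, renders that matrix as a text heatmap, and applies two simple heuristics that mirror what the eye picks out of such a display: a source that lights up many columns (a likely scanner) and a signature that lights up many rows with low counts (a likely false-positive rule). The alert lines are constructed for this example; the signature IDs and messages are only sample labels, and the thresholds in `flag_outliers` and `noisy_signatures` are assumptions to tune per environment.

```python
"""Aggregate IDS alerts into a source-by-signature matrix and render a text heatmap.

Added example: parses Snort "fast"-format alert lines (sample lines below are
constructed, not taken from any real sensor) and highlights what a visual
display makes obvious: one source hitting many rules, and one rule firing
thinly across many sources.
"""
import re
from collections import defaultdict

# Constructed sample alerts (Snort "fast" format). The last line is deliberately
# not an alert, to show that non-matching input is skipped rather than crashing.
SAMPLE_ALERTS = """\
07/01-09:15:02.113427  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:51234
07/01-09:15:10.002114  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.168.1.1
07/01-09:15:10.003902  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.168.1.2
07/01-09:15:12.551000  [**] [1:1418:11] SNMP request tcp [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44021 -> 192.168.1.1:161
07/01-09:15:14.100000  [**] [1:2001219:19] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44022 -> 192.168.1.1:22
07/01-09:15:14.100900  [**] [1:2001219:19] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44023 -> 192.168.1.2:22
07/01-09:15:14.101700  [**] [1:2001219:19] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44024 -> 192.168.1.3:22
07/01-09:15:14.102500  [**] [1:2001219:19] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44025 -> 192.168.1.4:22
07/01-09:15:16.000000  [**] [1:2003068:6] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:44026 -> 192.168.1.5:22
07/01-09:15:18.000000  [**] [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:44030 -> 192.168.1.5:1433
07/01-09:20:01.000000  [**] [1:2013028:6] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.20:50001 -> 93.184.216.34:80
07/01-09:20:05.000000  [**] [1:2013028:6] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.20:50002 -> 93.184.216.34:80
07/01-09:21:00.000000  [**] [1:2013028:6] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.21:50010 -> 93.184.216.34:80
07/01-09:22:00.000000  [**] [1:2013028:6] ET POLICY curl User-Agent Outbound [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.22:50020 -> 93.184.216.34:80
Jul  1 09:23:00 sensor1 snort[1234]: rotating logs
"""

# One Snort fast-format alert: timestamp, [gid:sid:rev], message, classification,
# priority, protocol, then "src[:port] -> dst[:port]" (ICMP alerts carry no ports).
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast-format alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["sid"] = int(fields["sid"])
    fields["prio"] = int(fields["prio"])
    return fields


def build_matrix(lines):
    """Count alerts per (source IP, signature ID): {src: {sid: count}}."""
    matrix = defaultdict(lambda: defaultdict(int))
    for line in lines:
        alert = parse_alert(line)
        if alert:
            matrix[alert["src"]][alert["sid"]] += 1
    return matrix


def render_heatmap(matrix, shades=" .:-=+*#%@", col_width=8):
    """Render the matrix as rows of source IPs and columns of signature IDs.

    Each cell is one character whose density scales with count / peak count,
    so a scanning host shows as a row with many lit cells and a chatty rule
    shows as a column lit in many rows.
    """
    sids = sorted({sid for row in matrix.values() for sid in row})
    peak = max((c for row in matrix.values() for c in row.values()), default=1)
    steps = len(shades) - 1
    out = ["src".ljust(16) + "".join(str(s).rjust(col_width) for s in sids)]
    for src in sorted(matrix, key=lambda ip: tuple(int(o) for o in ip.split("."))):
        cells = [shades[matrix[src].get(sid, 0) * steps // peak].rjust(col_width) for sid in sids]
        out.append(src.ljust(16) + "".join(cells))
    return "\n".join(out)


def flag_outliers(matrix, min_signatures=3, factor=4.0):
    """Sources hitting >= min_signatures distinct rules, or >= factor x the median volume.

    Thresholds are assumptions for this example, not values from the report.
    """
    totals = {src: sum(row.values()) for src, row in matrix.items()}
    median = sorted(totals.values())[len(totals) // 2]
    return sorted(src for src, row in matrix.items()
                  if len(row) >= min_signatures or totals[src] >= factor * max(median, 1))


def noisy_signatures(matrix, min_sources=3):
    """Signature IDs that fire from at least min_sources distinct sources: candidate false positives."""
    sources_per_sid = defaultdict(set)
    for src, row in matrix.items():
        for sid in row:
            sources_per_sid[sid].add(src)
    return sorted(sid for sid, srcs in sources_per_sid.items() if len(srcs) >= min_sources)


if __name__ == "__main__":
    matrix = build_matrix(SAMPLE_ALERTS.splitlines())
    print(render_heatmap(matrix))
    print("outlier sources:", flag_outliers(matrix))
    print("noisy signatures:", noisy_signatures(matrix))
```

Run stand-alone, the heatmap shows 203.0.113.7 lit across five columns (it is the only source `flag_outliers` returns) and signature 2013028 lit thinly in three rows (the only one `noisy_signatures` returns), which is exactly the pattern an analyst would notice on a visual display and miss in a page of text. For real data, feed the file lines to `build_matrix` and consider bucketing by time window so that a slow scan does not average out.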

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2010
Accession Number
ADA532723

Entities

People

  • Dolores M. Zage
  • Wayne M. Zage

Organizations

  • Ball State University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computer Network Security
  • Computer Science
  • Computers
  • Cybersecurity
  • Data Visualization
  • Department Of Defense
  • Detection
  • Governments
  • Information Processing
  • Information Security
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Pattern Recognition
  • Security
  • Security Personnel

Fields of Study

  • Computer science

Readers

  • Aerospace logistics and air mobility
  • Computer Vision
  • Systems Analysis and Design