Alerts Visualization and Clustering in Network-based Intrusion Detection
- University of Tennessee
- ORNL
Today's intrusion detection systems, when deployed on a busy network, generate an overwhelming number of alerts. Producing this much raw information makes the IDS less effective. We propose a system that takes both raw network data and Snort alerts to visualize and analyze possible intrusions in a network, and we present two models for visualizing the clustered alerts. The first model gives the network administrator the logical topology of the network together with detailed information about each node, including its associated alerts and connections. The second model, a flocking model, presents the administrator with a visual representation of the IDS data in which each alert is drawn in a different color and alerts with maximum similarity move together, so that various kinds of intrusions can be detected by visually inspecting the alert patterns.
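The abstract describes the two views only in outline. The following is an added example, written for this page and not the authors' code, that shows one way both could be built on top of Snort "fast" alert output: a per-host summary (alerts and connection peers) for the topology view, and a simplified boids-style flocking rule in which each alert is a point that drifts toward alerts it resembles and away from nearby alerts it does not. The alert lines, host addresses, similarity weights (signature 0.4, source 0.3, destination port 0.2, destination host 0.1), similarity threshold and the motion rule are all assumptions chosen for the demonstration; the paper does not specify them.

```python
"""Added illustration of alert clustering by flocking; not code from the paper."""
import math
import re
from dataclasses import dataclass

# Constructed Snort "fast" alert lines. Hosts, ports and timestamps are made up.
SAMPLE_ALERTS = """\
04/21-10:00:01.000001  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:4432 -> 192.168.1.10:22
04/21-10:00:01.200000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:4433 -> 192.168.1.11:22
04/21-10:00:01.400000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:4434 -> 192.168.1.12:22
04/21-10:00:05.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.9:51234
04/21-10:00:07.000000  [**] [1:2008578:4] ET SCAN Sipvicious User-Agent Detected [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 172.16.0.3:5060 -> 192.168.1.10:5060
04/21-10:00:07.300000  [**] [1:2008578:4] ET SCAN Sipvicious User-Agent Detected [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 172.16.0.3:5061 -> 192.168.1.11:5060
"""

FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


@dataclass
class Alert:
    sid: str
    msg: str
    src: str
    dst: str
    dport: str
    proto: str


def parse_alerts(text):
    """Parse Snort fast-format lines; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:
            out.append(Alert(m["sid"], m["msg"], m["src"], m["dst"], m["dport"] or "", m["proto"]))
    return out


def host_view(alerts):
    """Topology-view data: for each host, the alerts it appears in and its peers."""
    hosts = {}
    for idx, a in enumerate(alerts):
        for me, peer in ((a.src, a.dst), (a.dst, a.src)):
            entry = hosts.setdefault(me, {"alerts": [], "peers": set()})
            entry["alerts"].append(idx)
            entry["peers"].add(peer)
    return {h: {"alerts": v["alerts"], "peers": sorted(v["peers"])} for h, v in hosts.items()}


def similarity(a, b):
    """Assumed weights (signature 4, source 3, dest port 2, dest host 1) out of 10."""
    score = 4 * (a.sid == b.sid) + 3 * (a.src == b.src) + 2 * (a.dport == b.dport) + 1 * (a.dst == b.dst)
    return score / 10


def flock(alerts, steps=12, threshold=0.5, cohesion=0.5, sep_radius=2.0):
    """Boids-style rule: move toward similar alerts, away from nearby dissimilar ones."""
    n = len(alerts)
    sim = [[similarity(a, b) for b in alerts] for a in alerts]
    # Start evenly spaced on a circle so the run is deterministic and reproducible.
    pos = [(5.0 * math.cos(2 * math.pi * i / n), 5.0 * math.sin(2 * math.pi * i / n)) for i in range(n)]
    for _ in range(steps):
        nxt = []
        for i, (x, y) in enumerate(pos):
            dx = dy = 0.0
            mates = [j for j in range(n) if j != i and sim[i][j] >= threshold]
            if mates:  # cohesion: drift toward the centroid of the similar alerts
                cx = sum(pos[j][0] for j in mates) / len(mates)
                cy = sum(pos[j][1] for j in mates) / len(mates)
                dx += cohesion * (cx - x)
                dy += cohesion * (cy - y)
            for j in range(n):  # separation: repel dissimilar alerts inside sep_radius
                if j == i or j in mates:
                    continue
                d = math.dist((x, y), pos[j])
                if 0.0 < d < sep_radius:
                    push = (sep_radius - d) / d
                    dx += 0.5 * push * (x - pos[j][0])
                    dy += 0.5 * push * (y - pos[j][1])
            nxt.append((x + dx, y + dy))
        pos = nxt
    return pos


def cluster_positions(pos, radius=0.5):
    """Group alerts whose final positions are chained within `radius` of each other."""
    seen, groups = set(), []
    for start in range(len(pos)):
        if start in seen:
            continue
        group, stack = [], [start]
        seen.add(start)
        while stack:
            i = stack.pop()
            group.append(i)
            for j in range(len(pos)):
                if j not in seen and math.dist(pos[i], pos[j]) <= radius:
                    seen.add(j)
                    stack.append(j)
        groups.append(sorted(group))
    return sorted(groups)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for host, info in sorted(host_view(alerts).items()):
        print(f"{host}: {len(info['alerts'])} alerts, peers {info['peers']}")
    for group in cluster_positions(flock(alerts)):
        print("flock:", sorted({alerts[i].msg for i in group}))
```

With the constructed input the three SSH-scan alerts from 10.0.0.5 collapse into one flock, the two SIP-scan alerts from 172.16.0.3 into another, and the lone ATTACK_RESPONSE alert stays by itself; in a real deployment the positions would be animated each step rather than only read out at the end, and the weights would be tuned to the signatures the site actually sees.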
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- Work for Others (WFO)
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 986833
- Resource Relation:
- Conference: Cyber Security and Information Intelligence Research Workshop, Oak Ridge, TN, USA, 21-23 April 2010
- Country of Publication:
- United States
- Language:
- English