IDS RainStorm: Visualizing IDS alarms

IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings

Volumn , Issue , 2005, Pages 1-10

  Abdullah, Kulsoom ^a   Lee, Chris ^a   Conti, Gregory ^a   Copeland, John A ^a   Stasko, John ^a  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Alarm visualization; Alert visualization; IDS alarms; Log visualization; Network monitoring; Network security information visualization

Indexed keywords

ALARM VISUALIZATION; ALERT VISUALIZATION; IDS ALARMS; LOG VISUALIZATION; NETWORK MONITORING; NETWORK SECURITY INFORMATION VISUALIZATION;

COMPUTER SYSTEMS; DATA PROCESSING; INFORMATION RETRIEVAL; INFORMATION TECHNOLOGY; NETWORK PROTOCOLS; PROBLEM SOLVING;

ALARM SYSTEMS;

EID: 33749520207     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/VIZSEC.2005.1532060     Document Type: Conference Paper

References (12)

1. InterSect Alliance. Razorback - snort network intrusion detection front-end. URL: http://www.intersectalliance.com/ projects/RazorBack/.
2. R. Danyliw. Analysis console for intrusion databases (acid). URL: http://www.andrew.cmu.edu/user/rdanyliw/snortacid. html.
3. H. Debar and A. Wespi. Aggregation and correlation of intrusion detection alerts. In Recent Advances in Intrusion Detection (RAID), pages 85-103. Springer-Verlag, 2001.
4. James Eagan, Mary J. Harrold, James A. Jones, and John Stasko. Technical note: Visually encoding program test information to find faults in software. In Proceedings of IEEE Information Visualization 2001, pages 33-36, San Diego, CA, October 2001.
5. Stephen G. Eick, Joseph L. Steffen, and Jr. Eric E. Sumner. Seesoft-a tool for visualizing line oriented software statistics. IEEE Transactions on Software Engineering, 18(11):957-968, 1992.
6. James A. Hoagland and Stuart Stamford. Viewing ids alerts: Lessons from snortsnarf. In Proceedings of 2001 DARPA Information Survivability Conference and Exposition (DISCEX 2001), pages 12-14, 2001.
7. Klaus Julisch. Clustering intrusion detection alarms to support root cause analysis. In ACM Transactions on Information and System Security, volume 6. ACM Press, November 2003.
8. Hideki Koike and Kazuhiro Ohno. Snortview: Visualization system of snort logs. In ACM, editor, VizSEC/DMSEC'04, Washington DC, USA, October 29 2004.
9. M. Roesch. Snort. URL: http://www.snort.org/.
10. Tetsuji Takada and Hideki Koike. Mielog: A highly interactive visual log browser using information visualization and statistical analysis. In Proceedings of LISA XVI Sixteenth Systems Administration Conference, pages 133-144. The USENIX Association, Nov. 2002.
11. Tetsuji Takada and Hideki Koike. Tudumi: Information visualization system for monitoring and auditing computer logs. In Proceedings of Information Visualization, pages 570-576, July 2002. Sixth International Conference.
12. Lancope. Stealthwatch+therminator. URL: http://www.lancope. com/products/.