Exploring three-dimensional visualization of intrusion detection system alerts and network statistics

Thumbnail Image
Date
2005-01-01
Authors
Oline, Adam
Major Professor
Advisor
Committee Member
Journal Title
Journal ISSN
Volume Title
Publisher
Altmetrics
Authors
Research Projects
Organizational Units
Journal Issue
Is Version Of
Versions
Series
Department
Electrical and Computer Engineering
Abstract

Intrusion Detection Systems (IDS) have been popular tools in the battle against adversaries who, for whatever reason, desire to break into networks, compromise hosts, and steal valuable information. One problem with current IDS implementations, however, is the sheer number of alerts they can generate, many of which tend to be false alarms. This drawback makes effective use of such systems a challenging task. In this thesis we explore three-dimensional approaches to visualizing network IDS alerts and aggregated network statistics in order to provide the system administrator with a better picture of the events occurring on his or her network. While some research has been done using two-dimensional concepts, 3D approaches have not received much attention with regard to detecting network intrusions. Evaluation of our visualizations using the 1999 DARPA Intrusion Detection Evaluation data set demonstrates the potential benefit of utilizing the third dimension. We show how a number of attack types in the data set, including Denial of Service, Probe, and Remote to Local, generate visual evidence of abnormal activity that a security administrator might use as motivation for further investigation. Using three dimensions provides a rich environment for visualization concepts, and while our initial efforts were successful, there is much room for other ideas and more complex techniques for interaction and drill-down. We hope research will continue in this direction and provide the basis for ever more powerful tools to aid security administrators in the fight against information technology threats.

Comments
Description
Keywords
Citation
Source
Copyright
Sat Jan 01 00:00:00 UTC 2005