Intrusion detection systems (IDSs) are valuable tools for defending a network against those who want to intrude on it and steal sensitive information. These tools, however, have inherent difficulties. The generated alerts are in textual format, and extracting the exact information from the text files takes a great deal of time and scrutiny. Not all alerts are accurate, either: these tools suffer from false-positive alerts, meaning that they may log alerts although no attack has occurred. Under these conditions, detecting an actual penetration from the raw alerts is almost impossible. Information visualization is a method that transforms information into a visual representation for a better and quicker understanding. Indeed, the more representative and straightforward a visualization is, the more information it can convey and the more valuable it is. This paper proposes a new paradigm for visualizing IDS alerts named nesting circles. We keep simplicity by using circles as the primary mark and size and color as the only channels. This makes the visualization easy to read and intuitive to understand. Furthermore, nesting circles give the admin a complete visualization of both explicit and implicit information, a vital feature that previous approaches lacked. The efficiency of nesting circles is examined through the VAST challenge case study, and it is shown to be effective in finding hidden attacks in the logs.
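As an added illustration of the pipeline the abstract describes (textual alerts in, nested circles out), the following Python is example code written for this page, not code from the paper or its authors. It assumes a Snort-like one-line alert format, a hierarchy of destination host, then signature, then source host, a leaf radius proportional to the square root of the alert count (so area encodes count) and a fill colour taken from the alert priority; the paper's own hierarchy and channel mapping may differ. The sample alert lines are constructed for the example, and one deliberately unparseable line shows how non-alert text is counted rather than silently folded into the picture.

```python
"""Nested-circle aggregation of textual IDS alerts (added example, not the paper's code)."""
import html
import math
import re

# Constructed sample alerts in a Snort-like one-line "fast" format. Signature ids are
# in the local-rule range and the messages are invented for this example.
SAMPLE_ALERTS = """\
03/14-10:01:02.1 [**] [1:1000001:1] LOCAL SSH brute force [**] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:22
03/14-10:01:03.2 [**] [1:1000001:1] LOCAL SSH brute force [**] [Priority: 2] {TCP} 10.0.0.5:44322 -> 192.168.1.10:22
03/14-10:02:10.0 [**] [1:1000002:1] LOCAL web shell upload [**] [Priority: 1] {TCP} 10.0.0.7:51000 -> 192.168.1.20:80
03/14-10:05:00.0 [**] [1:1000003:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.10
03/14-10:05:01.0 [**] [1:1000003:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.20
03/14-10:05:02.0 [**] [1:1000003:1] LOCAL ICMP ping sweep [**] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.30
this line is not an alert and must be skipped
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\] .*?\[Priority: (?P<prio>\d)\] "
    r"\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)
BASE_R = 6.0   # radius of a single-alert leaf; leaf area is proportional to alert count
PAD = 3.0      # gap between a circle and whatever encloses or neighbours it
COLORS = {1: "#d7191c", 2: "#fdae61", 3: "#ffffbf"}  # priority 1 is the most severe

def parse_alerts(text):
    """Extract message, priority, source and destination per line; count lines that do not parse."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m is None:
            skipped += 1
            continue
        alerts.append({"msg": m["msg"], "prio": int(m["prio"]), "src": m["src"], "dst": m["dst"]})
    return alerts, skipped

def build_tree(alerts, keys=("dst", "msg", "src")):
    """Nest alerts along `keys`; every node carries its alert count and its most severe priority."""
    root = {"n": 0, "prio": 9, "kids": {}}
    for a in alerts:
        path = [root]
        for key in keys:
            path.append(path[-1]["kids"].setdefault(a[key], {"n": 0, "prio": 9, "kids": {}}))
        for node in path:
            node["n"] += 1
            node["prio"] = min(node["prio"], a["prio"])
    return root

def measure(node):
    """Bottom-up: size each circle so its children, spread evenly on an inner ring, fit inside."""
    kids = list(node["kids"].values())
    if not kids:
        node["ring"] = 0.0
        node["r"] = BASE_R * math.sqrt(node["n"])
        return node["r"]
    rmax = max(measure(k) for k in kids)
    # adjacent centres are 2*ring*sin(pi/k) apart; make that at least 2*rmax + PAD so siblings never overlap
    node["ring"] = 0.0 if len(kids) == 1 else (2 * rmax + PAD) / (2 * math.sin(math.pi / len(kids)))
    node["r"] = node["ring"] + rmax + PAD
    return node["r"]

def place(node, label, cx, cy, parent, out):
    """Top-down: assign centres; children sit on the parent's ring in sorted order."""
    idx = len(out)
    out.append({"label": label, "cx": cx, "cy": cy, "r": node["r"],
                "n": node["n"], "prio": node["prio"], "parent": parent})
    items = sorted(node["kids"].items())
    for i, (name, kid) in enumerate(items):
        ang = 2 * math.pi * i / len(items)
        place(kid, name, cx + node["ring"] * math.cos(ang), cy + node["ring"] * math.sin(ang), idx, out)

def nesting_circles(text):
    """Parse alert text and return (circles, svg, number_of_skipped_lines)."""
    alerts, skipped = parse_alerts(text)
    root, circles = build_tree(alerts), []
    measure(root)
    place(root, "all alerts", 0.0, 0.0, None, circles)
    return circles, to_svg(circles), skipped

def to_svg(circles):
    """Render: area encodes count, fill encodes worst priority; label and count go in a tooltip."""
    off = circles[0]["r"] + PAD  # the root is at the origin; shift the drawing into view
    body = "".join(  # alert text can carry attacker-chosen bytes, so escape it before it lands in markup
        f'<circle cx="{c["cx"] + off:.1f}" cy="{c["cy"] + off:.1f}" r="{c["r"]:.1f}" '
        f'fill="{COLORS.get(c["prio"], "#ccc")}" fill-opacity="0.6" stroke="#333">'
        f'<title>{html.escape(c["label"])}: {c["n"]} alert(s), priority {c["prio"]}</title></circle>\n'
        for c in circles)
    return f'<svg xmlns="http://www.w3.org/2000/svg" width="{2*off:.0f}" height="{2*off:.0f}">\n{body}</svg>'

def validate(circles):
    """Layout invariants: every child lies inside its parent and siblings never overlap."""
    dist = lambda a, b: math.hypot(a["cx"] - b["cx"], a["cy"] - b["cy"])
    for i, c in enumerate(circles[1:], 1):
        p = circles[c["parent"]]
        if dist(c, p) + c["r"] > p["r"] + 1e-9:
            return False
        if any(dist(c, d) < c["r"] + d["r"] - 1e-9
               for d in circles[i + 1:] if d["parent"] == c["parent"]):
            return False
    return True
```

Running `nesting_circles(SAMPLE_ALERTS)` yields 14 circles (one root, three destination hosts, five signatures, five source hosts) and reports the one unparseable line; `validate` checks the geometric invariants that make the picture trustworthy, since a child circle that spills outside its parent would silently misreport where an alert belongs. The ring layout is deliberately conservative rather than a tight circle packing: it wastes some space but guarantees containment and non-overlap for any counts, which matters more for an analyst's trust than compactness.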