SnortView

Koike, Hideki; Ohno, Kazuhiro

doi:10.1145/1029208.1029232

Cited by 84 publications

(4 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, in this method, unlike VisAlert, although attackers are displayed, no information about the target of the attacks is presented to the user. SnortView [33] visualization is composed of three frames: attacker's frame, alert's frame, and attacker-destination matrix frame. In this visualization, diferent symbols are used to display alert types.…”

Section: Ids Visualization Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Shahryari

Khanli

Ramezani

et al. 2023

Security and Communication Networks

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) are valuable tools for fighting against those who want to intrude on the network and steal sensitive information for any reason. These tools, however, have difficulties in their essence. The generated alerts are in textual format, and extracting the exact information from the textual files needs lots of time and scrutiny. Also, not all alerts are accurate, and these tools suffer a setback named false-positive alerts, meaning that although no attack occurs, they may log some alerts. It is almost impossible to detect the penetration according to the discussed conditions. Information visualization is a method that transforms information into a visual representation for a better and quicker understanding. Indeed, the more the visualization is representative and straightforward, the more information it can transfer and the more worthy it is. This paper proposes a new paradigm for visualizing IDS alerts named nesting circles. We keep simplicity by using circles as the primary mark and the size and color as the only used channels. This makes the visualization easy to read and intuitive to understand. Furthermore, nesting circles provide a complete visualization of explicit and implicit information to the admin, and the previous approaches lacked this vital feature. The efficiency of nesting circles is examined through the VAST challenge case study, and it is shown to be effective in finding hidden attacks in the logs.

show abstract

Section: Ids Visualization Methodsmentioning

confidence: 99%

“…As recent visualization techniques developed for visualizing IDS logs, we can refer to references [27][28][29][30][31][32][33][34][35]. Tere are several shortcomings associated with these paradigms that make them less efective.…”

Section: Introductionmentioning

confidence: 99%

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Shahryari

Khanli

Ramezani

et al. 2023

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…SnortView [16] uses a source-time matrix to plot IDS events over time. Colour is used to indicate event severity, and network protocols are given distinct glyph identifiers.…”

Section: A Snortviewmentioning

confidence: 99%

Pianola - Visualization of Multivariate Time-Series Security Event Data

Thomson¹,

Graham

Kennedy

2013

2013 17th International Conference on Information Visualisation

View full text Add to dashboard Cite

Abstract-Monitoring log files for network intrusions is unwieldy. To build a mental model of the log, an analyst is required to recognise continuous timelines and attack patterns from a dataset that is essentially limited to an ordered list of events. Information Visualization techniques arrange data into directly perceivable visual patterns that may alleviate some overheads associated with interpreting these datasets and improve the ability of users, especially those in resourcestretched Small and Medium sized Businesses (SMBs), to make sense of activity patterns in Intrusion Detection System (IDS) event logs. To this end, we discuss existing network security visualizations for IDS logs and after examining the strengths and drawbacks of those applications we have prototyped a visualization tool, Pianola, that arranges events on multiple timelines to reveal patterns both in time and across a network. The tool was evaluated against the traditional use of commandline interface (CLI)-based tools for analyzing network security events and displayed significant improvements in both recognition and detection of attacks and reduction in the users' subjective workload, measured using the NASA Task Load index (TLX).

show abstract

“…For example, attack graphs were invented to analyze the overall network vulnerability and to generate a global view of network security against attacks [229][230][231][232]. By deploying network sensors at particular points in the Internet, monitoring systems were built to detect cyberthreats and statistically analyze the time, sources, and the types of attacks [233], and various visualization methods were developed to better understand the result of the detection and analysis [234][235][236][237]. Quite recently, a genetic epidemiology approach to cybersecurity was proposed to understand the factors that determine the likelihood that individual computers are compromised [238], and the general concept of cybersecurity dynamics was introduced [239].…”

Section: Introductionmentioning

confidence: 99%

Predicting and Controlling Complex Networks

Lai¹

2015

View full text Add to dashboard Cite

The research on the topology and dynamics of complex networks is one of the most focused area in complex system science. The goals are to structure our understanding of the real-world social, economical, technological, and biological systems in the aspect of networks consisting a large number of interacting units and to develop corresponding detection, prediction, and control strategies. In this highly interdisciplinary field, my research mainly concentrates on universal estimation schemes, physical controllability, as well as mechanisms behind extreme events and cascading failure for complex networked systems.Revealing the underlying structure and dynamics of complex networked systems from observed data without of any specific prior information is of fundamental importance to science, engineering, and society. We articulate a Markov network based model, the sparse dynamical Boltzmann machine (SDBM), as a universal network structural estimator and dynamics approximator based on techniques including compressive sensing and K-means algorithm. It recovers the network structure of the original system and predicts its short-term or even long-term dynamical behavior for a large variety of representative dynamical processes on model and real-world complex networks.One of the most challenging problems in complex dynamical systems is to control complex networks. Upon finding that the energy required to approach a target state with reasonable precision is often unbearably large, and the energy of controlling a set of networks with similar structural properties follows a fat-tail distribution, we identify fundamental structural "short boards" that play a dominant role in the enormous energy and offer a theoretical interpretation for the fat-tail distribution and simple strategies to significantly reduce the energy.Extreme events and cascading failure, a type of collective behavior in complex networked systems, often have catastrophic consequences. Utilizing transportation and evolutionary game dyi namics as prototypical settings, we investigate the emergence of extreme events in simplex complex networks, mobile ad-hoc networks and multi-layer interdependent networks. A striking resonancelike phenomenon and the emergence of global-scale cascading breakdown are discovered. We derive analytic theories to understand the mechanism of control at a quantitative level and articulate cost-effective control schemes to significantly suppress extreme events and the cascading process.

show abstract

SnortView

Cited by 84 publications

References 3 publications

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Nesting Circles: An Interactive Visualization Paradigm for Network Intrusion Detection System Alerts

Pianola - Visualization of Multivariate Time-Series Security Event Data

Predicting and Controlling Complex Networks

Contact Info

Product

Resources

About