IDSRadar: a real-time visualization framework for IDS alerts

  • Research Paper, published in Science China Information Sciences

Abstract

An Intrusion Detection System (IDS) is an automated cyber security monitoring system that senses malicious activity. Unfortunately, an IDS often generates both a considerable number of alerts and many false positives in its logs. Information visualization allows users to discover and analyze large amounts of information efficiently through visual exploration and interaction. Even with the aid of visualization, identifying attack patterns and recognizing false positives among a great number of alerts remain challenges. In this paper, a novel visualization framework, IDSRadar, is proposed for IDS alerts; it monitors the network and presents an overall view of the security situation by using a radial graph in real time. IDSRadar utilizes five categories of entropy functions to quantitatively analyze irregular behavioral patterns, and combines interaction, filtering and drill-down to detect potential intrusions. Finally, IDSRadar is applied to the mini-challenges of the VAST Challenge 2011 and 2012.
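As an added illustration, not code from the paper, the following computes per-attribute normalized Shannon entropy over time windows of IDS alerts, the kind of quantitative measure the abstract says IDSRadar applies to spot irregular behavior. The alert records, the four attributes and the low/high thresholds are assumptions made for this example.

```python
import math
from collections import Counter

# Constructed sample alerts, not the paper's VAST data:
# (time_s, src_ip, dst_ip, dst_port, signature)
ALERTS = [
    (0,  "10.0.0.5",  "192.168.1.10", 80,  "WEB-MISC"),
    (1,  "10.0.0.6",  "192.168.1.11", 443, "SSL-ANOMALY"),
    (2,  "10.0.0.7",  "192.168.1.10", 22,  "SSH-BRUTE"),
    (3,  "10.0.0.5",  "192.168.1.12", 80,  "WEB-MISC"),
    (4,  "10.0.0.6",  "192.168.1.11", 443, "SSL-ANOMALY"),
    (5,  "10.0.0.8",  "192.168.1.10", 22,  "SSH-BRUTE"),
    # one source sweeping many ports on one host: the pattern an entropy view should surface
    (60, "10.0.0.99", "192.168.1.20", 21,  "PORTSCAN"),
    (61, "10.0.0.99", "192.168.1.20", 22,  "PORTSCAN"),
    (62, "10.0.0.99", "192.168.1.20", 23,  "PORTSCAN"),
    (63, "10.0.0.99", "192.168.1.20", 25,  "PORTSCAN"),
    (64, "10.0.0.99", "192.168.1.20", 80,  "PORTSCAN"),
    (65, "10.0.0.99", "192.168.1.20", 110, "PORTSCAN"),
]
ATTRIBUTES = ("src_ip", "dst_ip", "dst_port", "signature")  # assumed attribute set

def normalized_entropy(values):
    """Shannon entropy of the value distribution divided by log2(N), so 0 means
    a single value dominates completely and 1 means every observation is distinct."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def window_entropies(alerts, start, width):
    """Per-attribute normalized entropy over alerts with start <= time < start + width."""
    window = [a for a in alerts if start <= a[0] < start + width]
    return {name: normalized_entropy([a[i + 1] for a in window])
            for i, name in enumerate(ATTRIBUTES)}

def irregular_attributes(entropies, low=0.2, high=0.8):
    """Attributes whose distribution collapsed (<= low) or spread out (>= high)
    within one window; the thresholds are an assumption for this example."""
    return {name: ("concentrated" if h <= low else "dispersed")
            for name, h in entropies.items() if h <= low or h >= high}

if __name__ == "__main__":
    for start in (0, 60):
        ent = window_entropies(ALERTS, start, 10)
        print(start, {k: round(v, 2) for k, v in ent.items()}, irregular_attributes(ent))
```

In the scan window the source, destination and signature entropies collapse to 0 while destination-port entropy reaches 1, which is the signature of one host sweeping many ports; the quiet baseline window flags nothing.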




Correspondence to FangFang Zhou.


Cite this article

Zhao, Y., Zhou, F., Fan, X. et al. IDSRadar: a real-time visualization framework for IDS alerts. Sci. China Inf. Sci. 56, 1–12 (2013). https://doi.org/10.1007/s11432-013-4891-9
