DocumentCode
579904
Title
VisSRA: Visualizing Snort Rules and Alerts
Author
Hong, Xiaojin ; Hu, Changzhen ; Wang, Zhigang ; Wang, Guoqiang ; Wan, Ying
Author_Institution
Lab. of Comput. Network Defense Technol., Beijing Inst. of Technol., Beijing, China
fYear
2012
fDate
3-5 Nov. 2012
Firstpage
441
Lastpage
444
Abstract
Snort is a rule-based intrusion detection system, applying defined rules to inspect suspicious packets in network. An alert will be generated if an alert rule is triggered. Analysis of the relation between rules and alerts can help network administrators to analyze alerts easily so as to identify network attacks. The aim of this work is to develop a visualization tool that can be used to view the rules and alerts in visualization. The proposed visualization tool, which is called VisSRA, also can be used to find the relation between rules and alerts, view the number of alerts triggered by a rule and check the alerts quickly. Tree maps were used to visualize rules Snort contains and alerts Snort generates which are shown as cells with different colors. The system uses the graphical and statistical manners to allow even novices to get an overview of network state. In this paper, an experiment was given to show the proposed approach could bring some convenience of browsing and analyzing network anomalies to administrators.
Keywords
computer network security; data visualisation; knowledge based systems; statistical analysis; trees (mathematics); Snort alert visualization; Snort rule visualization; VisSRA; alert analysis; alert checking; alert rule; graphical manner; network administration; network anomaly analysis; network anomaly browsing; network attack identification; network state overview; network suspicious packet inspection; rule-based intrusion detection system; statistical manner; tree map; visualization tool; Color; Data visualization; Intrusion detection; Layout; Visualization; Snort; alert; rule; treemap;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on
Conference_Location
Mathura
Print_ISBN
978-1-4673-2981-1
Type
conf
DOI
10.1109/CICN.2012.207
Filename
6375151
Link To Document