Abstract
Intrusion detection systems gather large quantities of host and network information in an attempt to detect and respond to attacks against an organization. The widely varying nature of attacks makes humans essential for analysis, but the sheer volume of data can quickly overwhelm even experienced analysts. Existing approaches utilize visualization to provide rapidly comprehensible representations of the data, but fail to scale to real-world environments due to unrealistic data handling and lack of response facilities. This paper introduces a new tool for security event monitoring, analysis, and response called Savors. Savors provides suitable scalability by utilizing three additional areas of computing. High-end computing brings large amounts of on-demand processing to bear on the problem. Auralization allows both monitoring and analysis to be performed in parallel. Finally, grid computing provides the basis for remote data access and response capabilities with seamless and secure access to organization resources.
This work is supported by the NASA Advanced Supercomputing Division under Task Order NNA05AC20T (Contract GS-09F-00282) with Advanced Management Technology Inc.
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Kolano, P.Z. (2007). A Scalable Aural-Visual Environment for Security Event Monitoring, Analysis, and Response. In: Bebis, G., et al. Advances in Visual Computing. ISVC 2007. Lecture Notes in Computer Science, vol 4841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76858-6_55
DOI: https://doi.org/10.1007/978-3-540-76858-6_55
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76857-9
Online ISBN: 978-3-540-76858-6
eBook Packages: Computer Science (R0)