Integrating – VPN and IDS – An approach to Networks Security (original) (raw)

Visual correlation of network alerts

IEEE Computer Graphics and Applications, 2000

S ociety's dependence on information systems has made cybersecurity an increasingly important issue. Computer networks transport financial transactions, sensitive government information, power plant operations, and personal health information. The spread of malicious network activities poses great risks to the operational integrity of many organizations and imposes heavy economic burdens on life and health.

VisFlowconnect: providing security situational awareness by visualizing network traffic flows

IEEE International Conference on Performance, Computing, and Communications, 2004

We present the design and implementation of VisFlow-Connect, a powerful new tool for visualizing network traffic flow dynamics for situational awareness. The visualization capability provided by VisFlowConnect allows an operator to assess the state of a large and complex network given an overall view of the entire network and filter/drill-down features with a friendly user interface that allows users to request more detailed information of interest such as specific protocol traffic flows. The value of VisFlowConnect specifically for security situational awareness is that any security event, with only a few minor exceptions, will be reflected as a traffic flow. Thus using VisFlowConnect a user will "see" all security events. We show several experiments in which abnormal behaviors with security implications have been discovered and analyzed using VisFlowConnect. These experiments demonstrate how VisFlowConnect can be a uniquely effective tool to assist security administrators in securing their computer networks.

Visualising Network Security Events

Abstract As organizations increasingly rely on information technology and networking, information security becomes more of a concern. This places a dependency on system administrators to monitor systems in an organisation's network for anomalous activity. This task commonly involves analysing vast amounts of textual data, such as operating system events or intrusion detection system alerts.

IDSRadar: a real-time visualization framework for IDS alerts

Science China Information Sciences, 2013

Intrusion Detection Systems (IDS) is an automated cyber security monitoring system to sense malicious activities. Unfortunately, IDS often generates both a considerable number of alerts and false positives in IDS logs. Information visualization allows users to discover and analyze large amounts of information through visual exploration and interaction efficiently. Even with the aid of visualization, identifying the attack patterns and recognizing the false positives from a great number of alerts are still challenges. In this paper, a novel visualization framework, IDSRadar, is proposed for IDS alerts, which can monitor the network and perceive the overall view of the security situation by using radial graph in real-time. IDSRadar utilizes five categories of entropy functions to quantitatively analyze the irregular behavioral patterns, and synthesizes interactions, filtering and drill-down to detect the potential intrusions. In conclusion, IDSRadar is used to analyze the mini-challenges of the VAST challenge 2011 and 2012.

NVisionIP: netflow visualizations of system state for security situational awareness

… of the 2004 ACM workshop on …, 2004

The number of attacks against large computer systems is currently growing at a rapid pace. Despite the best efforts of security analysts, large organizations are having trouble keeping on top of the current state of their networks. In this paper, we describe a tool called NVisionIP that is designed to increase the security analyst's situational awareness. As humans are inherently visual beings, NVisionIP uses a graphical representation of a class-B network to allow analysts to quickly visualize the current state of their network. We present an overview of NVisionIP along with a discussion of various types of security-related scenarios that it can be used to detect.

IDS RainStorm: Visualizing IDS Alarms

2005

The massive amount of alarm data generated from intrusion detection systems is cumbersome for network system administrators to analyze. Often, important details are overlooked and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview where system administrators can get a general sense of network activity and easily detect anomalies. They then have the option of zooming and drilling down for details. The information is presented with local network IP (Internet Protocol) addresses plotted over multiple yaxes to represent the location of alarms. Time on the x-axis is used to show the pattern of the alarms and variations in color encode the severity and amount of alarms. Based on our system administrator requirements study, this graphical layout addresses what system administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that effectively uses operational alarm log data generated on the Georgia Tech campus network. The motivation and background of our design is presented along with examples that illustrate its usefulness.

ICARFAD: A Novel Framework for Improved Network Security Situation Awareness

International Journal of Computer Applications, 2014

Networking components and technologies is continuously proving their presence in various core areas of business like IT, Health Care, Stocks, and Emergencies with Military systems. It is possible by applying multiple system phenomenons of compatibility, interoperability and integration of different categories of devices and users. As the usage of information is increasing the transaction and data security needs to be provided effectively. It will serve as a critical and important task which assures data protection. This unexpected and frequent changes in the system is measured which gives a direction of vulnerable behaviour and the criticality of affecting the process. Accessing this information through actual network conditions and changes for improving the security is comes under the area of situational awareness system. This work proposes a novel ICARFAD (Information Collection, Assessment and Response, Feedback and Alerts Decisions) based situation awareness mechanism which gathers current network condition and clearly defines the boundaries by which security solutions can be designed effectively. It reflects all the changes made in configurations and methods taken as a security measures by maintaining a database which later on used to make the decisions for network security improvements. It also makes the visualization of attack conditions by making the graphs and plots which greatly improves the rate and the quality measures of persons or machines decision making.

Cyber situational awareness: from geographical alerts to high-level management

Journal of Visualization, 2016

This paper focuses on cyber situational awareness and describes a Visual Analytics solution for monitoring and putting in tight relation data from network level with the organization's business. The goal of the proposed solution is to make different security profiles (network security officer, network security manager, and financial security manager) aware of the actual network state (e.g., risk and attack progress) and the impact it actually has on the business tasks, making clear the relationships that exist between the network level and the business level. The proposed solution is instantiated on the ACEA infrastructure, the Italian company that provides power and water purification services to cities in central Italy (millions of end users).