IDSRadar: a real-time visualization framework for IDS alerts

Intrusion Detection Systems (IDS) is an automated cyber security monitoring system to sense malicious activities. Unfortunately, IDS often generates both a considerable number of alerts and false positives in IDS logs. Information visualization allows users to discover and analyze large amounts of information through visual exploration and interaction efficiently. Even with the aid of visualization, identifying the attack patterns and recognizing the false positives from a great number of alerts are still challenges. In this paper, a novel visualization framework, IDSRadar, is proposed for IDS alerts, which can monitor the network and perceive the overall view of the security situation by using radial graph in real-time. IDSRadar utilizes five categories of entropy functions to quantitatively analyze the irregular behavioral patterns, and synthesizes interactions, filtering and drill-down to detect the potential intrusions. In conclusion, IDSRadar is used to analyze the mini-challenges of the VAST challenge 2011 and 2012.