An integrated visual intrusion detection and analysis system

The existing Intrusion Detection Systems often convey intrusion detection by using either or combination of network intrusion detection sensors, and host intrusion detection sensors. They do not integrate other devices such as firewalls, routers, mail, web, and DNS servers to extend the data collection resources. As a result of limited data resources, the higher correlation among intrusion data cannot be achieved and higher accurate results cannot be produced. There is also an issue of security between IDS sensors and central console. The intrusion results are also often represented as textual log files and hence are more difficult to analyze by a human user. This paper discusses a need and proposes a framework for an Integrated Intrusion detection system with inbuilt visual an lysis tool. This system will provide various logs, audit trails, policy violations and alerts. All of this data could be collected and aggregated into a single database. The database could then be analyzed by using data mining and information visualization methods to determine and verify if an intrusion has occurred.