Ambient Display of Network Intrusion Status Information

Despite advances in intrusion detection and analysis systems (IDS), real-time monitoring of network security status remains a prominent problem. Current methods rely on serendipitous discovery of network anomalies through IDS alarms or exhaustive backtracking through off-line data repositories consisting of network flows and alarm logs. Our work seeks to enhance the alarm capabilities of IDS systems with simultaneous display of pertinent network data and IDS alerts facilitated by an ambient display. Ambient displays rely on the enormous bandwidth of the visual cortex to convey vast amounts of information in visual form. Here, we present a framework for network security visualization based on the display of configurable per-host qualities (e.g. data packets transferred) with an interface to current IDS systems (e.g. MINDS, Snort) with the goal of providing a flexible system to complement conventional network security analysis methods. CR Categories: I.3.m [Computer Graphics]: Miscellaneous;