A Survey of Visualization Tools Assessed for Anomaly-Based Intrusion Detection Analysis

Report No. ARL-TR-6891
Authors: Renée E. Etoty and Robert F. Erbacher
Date/Pages: April 2014; 50 pages
Abstract: Security visualization remains relatively an immature term. The idea of security visualization is the need for novel techniques that are fine-tuned for aiding cyber security analysts in distinguishing benign and malicious data. Intrusion Detection Systems (IDS) aim to do just that and the focus is more on the detection capability and not on presentation to the end user. For example, Snort logs a variety of information to a flat text file that requires additional parsing. The shortcoming of IDS is that no satisfactory solution to using visualization as an aid to intrusion detection (ID) has been developed and deployed. In particular, this report chooses to focus on the survey of current visualization tools that can enhance an IDS becoming more deployable. From this assessment, we provide suggestions of visualization tool compatibilities that best meet the needs of the anomaly-based intrusion detection analysis.
Distribution: Approved for public release
  Download Report ( 0.425 MBytes )
If you are visually impaired or need a physical copy of this report, please visit and contact DTIC.

Last Update / Reviewed: April 1, 2014