Using Visual Analytics to Develop Situation Awareness in Network Intrusion Detection System

摘要

Network Intrusion Detection System (NIDS) is a security system that monitors the network traffic and analyzes activities for possible hostile attacks. A novel collaborative visual analytics application for cognitive overloaded site security officer (SSO) in the network intrusion detection environment is presented. The system was developed for site security officers who need to analyze heterogeneous, complex intrusion under time pressure, and then make predictions and time-critical decisions rapidly and correctly under a constant influx of intrusion alert/alarm. This purpose was achieved by designing system architecture of a Treemaps Visualization on NIDs. The Treemaps Network Intrusion Detection System was implemented using the Java platform. The results of an informal usability of the network system were evaluated by the security experts in the context of Endley’s three levels of situation awareness. The proposed visualization tool has some economic advantages by aiding NID’s SSO to dynamically discover intrusive zone which will reduce cost of manual analysis and high risks, efficient space utilization, interactivity, comprehension and esthetics.