Intrusion detection systems (IDSs) generally produce an overwhelming number of alerts, which are commonly plagued by false positives. It is cumbersome for network administrators to manually traverse text-based alert logs in order to detect threats. In this work, we present a novel radial visualization of IDS alerts, IDSPlanet, which helps administrators identify false positives, analyze attack patterns, and understand evolving network situations. Using a planet's geology as a metaphor for the design, IDSPlanet is composed of chrono rings, alert continents, and an interactive core. These components respectively encode the temporal features of alert types, patterns of behavior in affected hosts, and correlations among alert types, attackers, and targets. The visualization provides an informative picture of a network's status. IDSPlanet offers different interactions and monitoring modes, which allow users to investigate in detail as well as to explore overall patterns. Two case studies and two interviews were conducted to demonstrate the usability and effectiveness of our visualization design.
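The abstract names three views but not the aggregation behind them. The following is an added example, not code from the IDSPlanet paper or its prototype, showing how raw alert lines can be reduced into the three data structures the views encode: per-type counts over time buckets (chrono rings), per-target host profiles (alert continents), and (alert type, attacker, target) co-occurrence counts (interactive core). The Snort "fast"-style log layout, the sample lines, the 10-minute bucket size and the steady-rate false-positive heuristic are all assumptions of this example.

```python
"""Aggregate IDS alerts into ring / continent / core views (added example)."""
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple
import re

# Constructed sample alerts (not real data). Format is an assumption modelled on
# Snort's "fast" alert output: timestamp, signature id, message, src -> dst.
SAMPLE_ALERTS = """\
03/12-09:00:01.000000 [**] [1:2001:1] ICMP PING NMAP [**] 10.0.0.5 -> 192.168.1.10
03/12-09:00:02.000000 [**] [1:2001:1] ICMP PING NMAP [**] 10.0.0.5 -> 192.168.1.11
03/12-09:00:03.000000 [**] [1:2001:1] ICMP PING NMAP [**] 10.0.0.5 -> 192.168.1.12
03/12-09:01:10.000000 [**] [1:2003:2] SSH brute force attempt [**] 10.0.0.5 -> 192.168.1.10
03/12-09:01:11.000000 [**] [1:2003:2] SSH brute force attempt [**] 10.0.0.5 -> 192.168.1.10
03/12-09:05:00.000000 [**] [1:1000:1] SNMP request udp [**] 192.168.1.2 -> 192.168.1.10
03/12-09:15:00.000000 [**] [1:1000:1] SNMP request udp [**] 192.168.1.2 -> 192.168.1.11
03/12-09:25:00.000000 [**] [1:1000:1] SNMP request udp [**] 192.168.1.2 -> 192.168.1.12
03/12-09:35:00.000000 [**] [1:1000:1] SNMP request udp [**] 192.168.1.2 -> 192.168.1.10
"""


class Alert(NamedTuple):
    when: datetime
    kind: str  # alert type (signature message)
    src: str   # attacker address
    dst: str   # target address


# Assumed line layout for the constructed sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] "
    r"(?P<kind>.+?) \[\*\*\] (?P<src>\S+) -> (?P<dst>\S+)$"
)


def parse_alerts(text: str) -> List[Alert]:
    """Parse alert lines; blank or malformed lines are skipped, not fatal."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%m/%d-%H:%M:%S")
        alerts.append(Alert(when, m["kind"], m["src"], m["dst"]))
    return alerts


def chrono_rings(alerts: List[Alert], bucket_minutes: int = 10) -> Dict[str, Dict[int, int]]:
    """Chrono rings: for each alert type, alert count per time bucket.
    Bucket index = minutes since midnight // bucket_minutes."""
    rings = defaultdict(Counter)
    for a in alerts:
        bucket = (a.when.hour * 60 + a.when.minute) // bucket_minutes
        rings[a.kind][bucket] += 1
    return {kind: dict(counts) for kind, counts in rings.items()}


def alert_continents(alerts: List[Alert]) -> Dict[str, dict]:
    """Alert continents: per target host, which alert types hit it and from whom."""
    hosts = defaultdict(lambda: {"types": Counter(), "attackers": set()})
    for a in alerts:
        hosts[a.dst]["types"][a.kind] += 1
        hosts[a.dst]["attackers"].add(a.src)
    return dict(hosts)


def core_correlations(alerts: List[Alert]) -> Counter:
    """Interactive core: co-occurrence counts of (alert type, attacker, target)."""
    return Counter((a.kind, a.src, a.dst) for a in alerts)


def suspect_false_positives(rings: Dict[str, Dict[int, int]],
                            min_buckets: int = 3, max_ratio: float = 1.5) -> List[str]:
    """Heuristic (an assumption of this example, not from the paper): an alert
    type firing at a near-constant rate across many buckets looks like scheduled
    background traffic, a common false-positive source, rather than an attack burst."""
    steady = []
    for kind, buckets in rings.items():
        counts = list(buckets.values())
        if len(counts) >= min_buckets and max(counts) / min(counts) <= max_ratio:
            steady.append(kind)
    return sorted(steady)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    rings = chrono_rings(alerts)
    for kind, buckets in rings.items():
        print(f"ring  {kind!r}: {buckets}")
    for host, info in alert_continents(alerts).items():
        print(f"continent {host}: {dict(info['types'])} from {sorted(info['attackers'])}")
    for triple, n in core_correlations(alerts).most_common():
        print(f"core  {triple}: {n}")
    print("steady-rate (likely benign):", suspect_false_positives(rings))
```

In the constructed sample the scan and the brute-force attempts collapse into a single bucket from one attacker against one or several targets, whereas the SNMP alerts from an internal manager fire once every ten minutes against the whole subnet; that periodic, uniform shape is what the steady-rate check flags for review, while the core view still shows the attacker 10.0.0.5 correlated with two alert types against 192.168.1.10.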