Multi-Node Monitoring and Intrusion Detection

R.F. Erbacher, X. Teng, and S. Pandit (USA)

Keywords

Information Visualization, Computer Security, Intrusion Detection

Abstract

The monitoring of systems connected to the Internet is critical for the maintenance of security and privacy. The threats of hackers, terrorism, and internal misuse are major concerns of any organization. In this paper, we expand our visual monitoring environment to support multiple monitored systems and provide an effective layout of the nodes (hosts) for the analysis of the networked environment. We discuss the analysis and correlation strategies needed in such a multi-host environment in order to identify unusual activity. The effectiveness of the correlation and analysis activities is directly related to the node organization. We will show that the node layout we have developed leads to a very effective organization, in that line intersections and line orientations are designed to be informative and indicative of unusual activity. Because line intersections and line orientations are discerned pre-attentively [1], they are effective visual attractors, and this leads to a very effective monitoring environment. Since our goal is to provide an additional tool to system administrators, with the understanding that monitoring is not their sole task, the ready discrimination and identification of activity needing attention is crucial.
