Abstract

Intrusion detection and prevention systems (IDPSs) are at the core of protecting an enterprise's network. In general, IDPSs use pre-defined rules to detect potential attacks. As the size of an organization grows and new types of intrusions appear, the quantity and complexity of the rules also increase. Moreover, IDPSs generate an overwhelming number of logs that are challenging to handle and analyze. For a more effective and integrative analysis and management of the rules and logs, we propose a novel visual analytics tool, Hyperion. Hyperion interactively visualizes rules to help users understand how the IDPS rules are managed and applied to the enterprise's network entities. Hyperion also provides effective visualizations to enable users to visually analyze the type, period, traffic, and frequency of attacks in addition to a traditional count-based timeline visualization. Finally, Hyperion enables users to interactively simulate the effect of a change in parameters of a detection rule. These features can help streamline the security control cycle consisting of rule application, information collection, log analysis, and rule revision.
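The last sentence of the abstract describes simulating the effect of a change to a detection rule's parameters before the revised rule is deployed. The following Python block is an added illustration of that idea and is not code from Hyperion or its authors: it defines a hypothetical threshold rule ("port-sweep": a source contacting more than `max_ports` distinct destination ports inside a look-back window), runs it over a constructed set of connection events, buckets the resulting alerts into the count-based timeline the abstract mentions, and reports which sources would newly be flagged or stop being flagged when the threshold is lowered. The rule name, the thresholds and the IP addresses are constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple


class Event(NamedTuple):
    ts: datetime
    src: str
    dst_port: int


class Rule(NamedTuple):
    name: str
    window: timedelta   # look-back window per source
    max_ports: int      # distinct destination ports tolerated inside the window


def make_events() -> List[Event]:
    """Constructed connection records (not real traffic) for three sources."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events: List[Event] = []
    # 10.0.0.5 touches 12 distinct ports within 55 seconds.
    for i in range(12):
        events.append(Event(base + timedelta(seconds=5 * i), "10.0.0.5", 1000 + i))
    # 10.0.0.9 touches 6 distinct ports within 40 seconds.
    for i in range(6):
        events.append(Event(base + timedelta(seconds=8 * i), "10.0.0.9", 2000 + i))
    # 10.0.0.7 repeatedly uses a single port over an hour (benign pattern).
    for i in range(3):
        events.append(Event(base + timedelta(minutes=20 * i), "10.0.0.7", 443))
    return sorted(events)


def default_rule() -> Rule:
    """Hypothetical rule as currently deployed: 60 s window, more than 10 ports alerts."""
    return Rule("port-sweep", timedelta(seconds=60), 10)


def apply_rule(rule: Rule, events: List[Event]) -> List[Tuple[str, str, datetime]]:
    """Sliding-window evaluation; one alert (rule, source, time) per offending source."""
    per_src: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events):
        per_src[e.src].append(e)
    alerts = []
    for src, evs in per_src.items():
        start = 0
        for i, e in enumerate(evs):
            # Drop events that fell out of the look-back window.
            while evs[start].ts < e.ts - rule.window:
                start += 1
            distinct = {x.dst_port for x in evs[start:i + 1]}
            if len(distinct) > rule.max_ports:
                alerts.append((rule.name, src, e.ts))
                break
    return alerts


def timeline(alerts: List[Tuple[str, str, datetime]]) -> Dict[str, int]:
    """Count-based timeline: alerts per hour bucket."""
    return dict(Counter(ts.strftime("%Y-%m-%d %H:00") for _, _, ts in alerts))


def simulate_change(events: List[Event], old: Rule, new: Rule) -> Dict[str, object]:
    """Compare which sources the current and the revised rule would flag."""
    before: Set[str] = {src for _, src, _ in apply_rule(old, events)}
    after: Set[str] = {src for _, src, _ in apply_rule(new, events)}
    return {
        "old_alerts": len(before),
        "new_alerts": len(after),
        "added": after - before,      # sources that only the revised rule flags
        "removed": before - after,    # sources the revised rule no longer flags
    }


if __name__ == "__main__":
    evs = make_events()
    current = default_rule()
    revised = current._replace(max_ports=5)
    print("current:", apply_rule(current, evs))
    print("timeline (revised):", timeline(apply_rule(revised, evs)))
    print("effect of lowering max_ports to 5:", simulate_change(evs, current, revised))
```

Lowering `max_ports` from 10 to 5 adds 10.0.0.9 to the flagged set without changing the verdict for the other two sources; seeing that difference on historical events before the rule is revised is the kind of feedback a rule-revision step in the security control cycle needs.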

Highlights

  • Network attacks have been increasing since the inception of the Internet

  • The security systems of these organizations usually consist of various infrastructures, such as intrusion detection and prevention systems (IDPSs), firewalls, virtual private networks, and enterprise security management solutions

  • Through a collaboration with security experts in a major information company for more than one year, we identified the following challenges in operating an IDPS

Introduction

Network attacks have been increasing since the inception of the Internet. Most organizations employ cyber security systems to defend their networks against such attacks. The security systems of these organizations usually consist of various infrastructures, such as intrusion detection and prevention systems (IDPSs), firewalls, virtual private networks, and enterprise security management solutions. An intrusion detection system (IDS) allows security experts to inspect raw network packet data and detect intrusive activities, such as malicious code, vulnerability attacks, and abnormal access attempts. In addition to an IDS, an IDPS enables a more active approach, blocking threats based on various criteria specified as IDPS rules. With this ability, the IDPS became an essential component for maintaining enterprise security.
