Visualising Communication Network Security Attacks

Shahrulniza Musa, D. Parish
Published in: 2007 11th International Conference Information Visualization (IV '07), 2007-07-04. DOI: 10.1109/IV.2007.149 (https://doi.org/10.1109/IV.2007.149)
Citations: 16

Abstract

The task of exploring and analysing large quantities of communication network security data is difficult. Visualisation of the data should help the analyses and make data exploration faster and easier. This paper describes prototype software that visualises the alerts effectively and provides a simple presentation. The needs analysis of this prototype is based on the suggested needs of network security analysts' tasks as seen in the literature. The prototype software incorporates various projections of the alert data in 3-dimensional displays. Filtering, drill-down and playback of alerts at variable speed are incorporated to strengthen the analysis. We integrate a false alert classifier using a classification tree algorithm to classify alerts into false and true alerts. Real-time visual observation is also included. We describe some example analyses to prove the usefulness of our prototype.