Publication Type: Journal Article
Source: Information & Security: An International Journal, Volume 12, Issue 2, p.235-249 (2003)
Keywords: information visualization, intrusion detection, mobile devices
Mobile devices, such as PDAs, allow a sort of ubiquitous access to the Internet. This can be of great value to all disciplines where information has to be conveyed to the user in “real time” independently of his/her physical location. Intrusion detection applications can take advantage of mobile devices by allowing constant monitoring of the state of a computer system.
This paper proposes an integrated framework to visualize intrusion detection data on PDAs. The Snort ID system is used to detect attacks and intrusions and to store the collected information in a database. The information is processed by software called Guardian, which produces the actual data to be fed to the visualization application. The proposed architecture is tailored for monitoring large buildings by organizing spatial information hierarchically. The user can discover and manage attacks/intrusions at the top level of the hierarchy (the entire building), as well as at the leaf level (a single machine placed in a room), where detailed information about the attack can be obtained.