Real-time Visualization Tool for Distributed Intrusion Detection System Data
Department of Defense
Agency Tracking Number:
Solicitation Topic Code:
Small Business Information
315 Wynn Drive, Suite 1, Huntsville, AL, 35805
Socially and Economically Disadvantaged:
Abstract
Current intrusion detection systems are effective for collecting large quantities of event data, but they are inadequate for presenting information to security analysts in a useful way. Typically, to investigate a single problem, an analyst must study reams of data and devote substantial hours to writing complex custom filters; frequently, critical data is distributed among multiple logs and available only on remote consoles, requiring access from multiple physical locations. To address this problem, Sentar proposes to develop a real-time visualization system, called Visual Net Defender (VND). VND aggregates, correlates, and presents data from multiple intrusion detection systems and enriches this information with data acquired through passive and active network monitoring. VND uses a multi-tier information architecture rendered in three-dimensional space, using iconography based on familiar, recognizable objects, providing details on demand while eliminating useless noise. Within this rich interactive environment, security conditions can be contextualized in intuitive ways that go beyond signature-based detection or automated correlation, allowing the analyst to integrate macro- and micro-level knowledge seamlessly and rapidly. By enabling systems and humans to do what they each do best, VND permits the analyst to maintain an in-depth understanding of the situation, resulting in better decision making and therefore better security.
* Information listed above is as of the time of submission.