Snort ids system visualization interface for alert analysis

Abstract

Over the past decades, the rapid Internet development and the growth in the number of its users have raised various security issues. Therefore, it is of great importance to ensure the security of the network in order to enable the safe exchange of confidential data, as well as their integrity. One of the most important components of network attack detection is an Intrusion Detection System (IDS). Snort IDS is a widely used intrusion detection system, which logs alerts after detecting potentially dangerous network packets. A major challenge in network monitoring is the high volume of generated IDS alerts. A necessary step in successful network protection is the analysis of the great amount of logged alerts in search of deviations from normal traffic that may indicate an intrusion. The goal of this paper is to design and implement a visualization interface for IDS alert analysis, which graphically presents alerts generated by Snort IDS. Also, the proposed system classifies the alerts according to the most important attack parameters, and allows the users to understand evolving network situations and easily detect possible traffic irregularities. An environment in which the system has been tested in real-time is described, and the results of attack detection and classification are given. One of the detected attacks is analyzed in detail, as well as the method of its detection and its possible consequences.