Hyperion: A Visual Analytics Tool for an Intrusion Detection and Prevention System
Intrusion detection and prevention systems (IDPSs) are at the core of protecting an enterprise's network. In general, IDPSs use pre-defined rules to detect potential attacks. As the size of an organization grows and new types of intrusions appear, the quantity and complexity of the rules also i...
Main Authors: | Seunghoon Yoo, Jaemin Jo, Bohyoung Kim, Jinwook Seo |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | Cybersecurity, intrusion detection, visual analytics |
Online Access: | https://ieeexplore.ieee.org/document/9145532/ |
id |
doaj-f05d88afd8f44a65883f20a7581963cd |
---|---|
record_format |
Article |
spelling |
doaj-f05d88afd8f44a65883f20a7581963cd 2021-03-30T04:41:11Z eng IEEE IEEE Access 2169-3536 2020-01-01 8 133865 133881 10.1109/ACCESS.2020.3010789 9145532
Hyperion: A Visual Analytics Tool for an Intrusion Detection and Prevention System
Seunghoon Yoo [0] https://orcid.org/0000-0002-1712-1162
Jaemin Jo [1] https://orcid.org/0000-0002-5207-6010
Bohyoung Kim [2] https://orcid.org/0000-0002-2183-5651
Jinwook Seo [3] https://orcid.org/0000-0002-7734-822X
[0] Department of Computer Science, Republic of Korea Air Force Academy, Cheongju, South Korea
[1] Department of Computer Science and Engineering, Seoul National University, Seoul, South Korea
[2] Division of Biomedical Engineering, Hankuk University of Foreign Studies, Yongin, South Korea
[3] Department of Computer Science and Engineering, Seoul National University, Seoul, South Korea
Intrusion detection and prevention systems (IDPSs) are at the core of protecting an enterprise's network. In general, IDPSs use pre-defined rules to detect potential attacks. As the size of an organization grows and new types of intrusions appear, the quantity and complexity of the rules also increase. Moreover, IDPSs generate an overwhelming number of logs that are challenging to handle and analyze. For a more effective and integrative analysis and management of the rules and logs, we propose a novel visual analytics tool, Hyperion. Hyperion interactively visualizes rules to help users understand how the IDPS rules are managed and applied to the enterprise's network entities. Hyperion also provides effective visualizations to enable users to visually analyze the type, period, traffic, and frequency of attacks in addition to a traditional count-based timeline visualization. Finally, Hyperion enables users to interactively simulate the effect of a change in parameters of a detection rule. These features can help streamline the security control cycle consisting of rule application, information collection, log analysis, and rule revision.
https://ieeexplore.ieee.org/document/9145532/
Cybersecurity; intrusion detection; visual analytics |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Seunghoon Yoo Jaemin Jo Bohyoung Kim Jinwook Seo |
author_sort |
Seunghoon Yoo |
title |
Hyperion: A Visual Analytics Tool for an Intrusion Detection and Prevention System |
title_sort |
hyperion: a visual analytics tool for an intrusion detection and prevention system |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
description |
Intrusion detection and prevention systems (IDPSs) are at the core of protecting an enterprise's network. In general, IDPSs use pre-defined rules to detect potential attacks. As the size of an organization grows and new types of intrusions appear, the quantity and complexity of the rules also increase. Moreover, IDPSs generate an overwhelming number of logs that are challenging to handle and analyze. For a more effective and integrative analysis and management of the rules and logs, we propose a novel visual analytics tool, Hyperion. Hyperion interactively visualizes rules to help users understand how the IDPS rules are managed and applied to the enterprise's network entities. Hyperion also provides effective visualizations to enable users to visually analyze the type, period, traffic, and frequency of attacks in addition to a traditional count-based timeline visualization. Finally, Hyperion enables users to interactively simulate the effect of a change in parameters of a detection rule. These features can help streamline the security control cycle consisting of rule application, information collection, log analysis, and rule revision. |
topic |
Cybersecurity intrusion detection visual analytics |
url |
https://ieeexplore.ieee.org/document/9145532/ |