TY - JOUR
KW - information visualization
KW - intrusion detection
KW - mobile devices
KW - PDA
AU - Andrea Sanna
AU - Claudio Fornaro
AB - Mobile devices, such as PDAs, allow a sort of ubiquitous access to the Internet. This can be of great value to all disciplines where information has to be conveyed to the user in “real time” independently of his/her physical location. Intrusion detection applications can take advantage of the use of mobile devices by allowing a constant monitoring of the state of a computer system. This paper proposes an integrated framework to visualize intrusion detection data on PDAs. The Snort ID system is used to detect attacks and intrusions and to store the collected information into a database. The information is processed by software called Guardian that produces the actual data to be fed to the visualization application. The proposed architecture is tailored for monitoring large buildings by organizing spatial data information in a hierarchical way. The user can discover and manage attacks/intrusions at the top level of the hierarchy (the entire building), as well as at the leaf level (the single machine placed into a room), where detailed information about the attack can be obtained.
BT - Information & Security: An International Journal
DA - 2003
DO - http://dx.doi.org/10.11610/isij.1214
IS - 2
LA - eng
PY - 2003
SP - 235
EP - 249
T2 - Information & Security: An International Journal
TI - IMoViS: A System for Mobile Visualization of Intrusion Detection Data
VL - 12
ER -