Information Visualization for an Intrusion Detection System


James Blustein
Daniel L. Silver
Ching-Lung Fu

Author Addresses: 

Faculty of Computer Science, Dalhousie University
6050 University Ave.
PO Box 15000
Halifax, Nova Scotia, Canada
B3H 4R2


Spatial hypertext was developed from studies of how humans deal with information overflow, particularly in situations where data needed to be interpreted quickly. Intrusion detection requires security managers of large networks to respond rapidly (often in real time) to masses of information. Users of such systems need to recognize large developing patterns in masses of data; they prefer to work individually (although they must function in collaborative groups); and they rely on their intuitions more than on deductive logic. Such users have particular personality characteristics and job needs that can be well served by interfaces that use a spatial hypertext model. Also, like most users, they prefer to be in charge of the process, using the computer as a tool that assists them with it. The architecture proposed in this article is based on spatial hypertext and machine learning. That interface design allows for a great deal of interface flexibility and user control. The article discusses in detail how spatial hypertext, and the proposed architecture in particular, can fulfill the needs of intrusion detection system users through personalized information filtering.

Tech Report Number: 
Report Date: July 28, 2005
CS-2005-15.pdf (241.16 KB)