We offer visual insight into the anomalies triggered by a detection system to assist in performing root-cause analysis.
Visicorn is a visualization system that aids in developing inferences about the anomalies triggered by the Unicorn Intrusion Detection System. By encoding vast, graph-structured data in easy-to-understand visualizations, Visicorn assists IT administrators and security analysts in the identification and root-cause analysis of intrusions within their systems. We transform large graphs, graph histograms, and histogram sketches into highly compressed visual representations that highlight when attacks occur in a system, what sorts of unique events or patterns of events co-occur with those attacks, and what later actions appear to be related to a system anomaly or intrusion. Our goal is to connect intrusions to the parts of the operating system that were vulnerable to the attack.
Systopia lab is supported by a number of government and industrial sources, including Cisco Systems, the Communications Security Establishment Canada, Intel Research, the Natural Sciences and Engineering Research Council of Canada (NSERC), Network Appliance, the Office of the Privacy Commissioner of Canada, and the National Science Foundation (NSF).