Networks such as the Internet, Local Area Networks, Extranets and Intranets are common today. Networks typically comprise communication media, routers, network switches and firewalls. Computers such as client computers and servers are connected to networks.
Network security is important, especially when the network and the computers on the network are connected to the Internet. There are various types of malicious “intrusions” that can jeopardize a network. Examples of malicious intrusions are viruses, worms, denial of service attacks, and buffer overflow attacks.
There are various known techniques to protect against such intrusions. A firewall at the gateway to the network or within a computer can block (a) messages containing a known electronic signature of a virus or worm, (b) all messages from source IP addresses known from experience to be malicious, (c) messages containing words characteristic of spam, (d) some or all messages from source IP addresses which are sending an unusually large number of messages to the same destination IP address, (e) all messages sent from a source IP address to a destination IP address which should not receive messages from this source, (f) entire networks which are known to be malicious and (g) entire countries for which there is no legitimate reason to allow network traffic. While these techniques are generally effective, some of the techniques require an identification, compilation and analysis of likely sources of the intrusions, their destinations, known malicious ports and attack signatures in order to determine the proper corrective action. It was known to provide a table which lists for each destination IP address the source IP addresses of messages sent to this destination IP address, to help identify malicious attacks. While these techniques are accurate and comprehensive in the information they present, there is typically too much data for a human to readily and effectively analyze when presented in this form.
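The per-destination table and technique (d) described above can be sketched as follows. This is an added example, not part of the original document; the log format, the sample addresses, and the `factor` and `min_count` thresholds are assumptions chosen for illustration.

```python
import ipaddress
import statistics
from collections import Counter, defaultdict

# Constructed sample: one "source destination" pair per observed message.
SAMPLE_LOG = (
    ["198.51.100.7 192.0.2.10"] * 6
    + ["203.0.113.5 192.0.2.10", "203.0.113.9 192.0.2.10"]
    + ["203.0.113.5 192.0.2.20", "not-an-ip 192.0.2.20"]
)

def build_table(records):
    """Return {destination: Counter({source: message_count})}; skip malformed lines."""
    table = defaultdict(Counter)
    for record in records:
        parts = record.split()
        if len(parts) != 2:
            continue
        try:
            src, dst = (str(ipaddress.ip_address(p)) for p in parts)
        except ValueError:
            continue  # not a valid IPv4/IPv6 address
        table[dst][src] += 1
    return table

def heavy_sources(table, factor=3, min_count=5):
    """Technique (d): flag (destination, source, count) where the count is at
    least min_count and at least factor times the median count over all
    source/destination pairs. Both thresholds are assumed values."""
    counts = [c for sources in table.values() for c in sources.values()]
    if not counts:
        return []
    median = statistics.median(counts)
    return sorted(
        (dst, src, count)
        for dst, sources in table.items()
        for src, count in sources.items()
        if count >= min_count and count >= factor * median
    )

def render(table):
    """One line per destination, listing its sources: the tabular form the text describes."""
    return [
        f"{dst}: " + ", ".join(f"{s} ({n})" for s, n in sources.most_common())
        for dst, sources in sorted(table.items())
    ]

if __name__ == "__main__":
    table = build_table(SAMPLE_LOG)
    print("\n".join(render(table)))
    print("flagged:", heavy_sources(table))
```

With two destinations the table is readable; at production traffic volumes it grows to one row per destination with arbitrarily many sources, which is the analysis burden the text identifies.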
Accordingly, an object of the present invention is to visually present intrusion data in a manner which a human can readily and effectively analyze.
Another object of the present invention is to visually present intrusion data in a manner which a human can readily and effectively analyze for the purpose of determining proper corrective action.