Snort IDS Alerts - Unity 3D

Below is a quick screenshot of a 2D Javascript D3 force-directed graph visualization over 19000 Snort IDS alerts represented by around 2000 nodes and 2000 edges. Obviously, this is not the best way to visualize large data sets. It’s not scalable in 2D.
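The post does not say how the 19000 alerts were reduced to roughly 2000 nodes and 2000 edges, so the following is an added example (my own code, not the author's) of the aggregation step that produces a D3-ready graph: each Snort "fast"-format alert line is parsed, IP addresses become nodes, and every (source, destination) pair becomes one link carrying an alert count, the set of signature IDs seen, and the most severe priority. The alert lines, addresses and SIDs below are constructed for the example; the only assumption is Snort's default `alert_fast` output format.

```javascript
// Added example: collapse Snort alert_fast lines into the {nodes, links}
// shape consumed by d3.forceSimulation(). Not part of the original post.

// Constructed sample alerts (RFC 5737 / RFC 1918 addresses, made-up SIDs).
const SAMPLE_ALERTS = `
01/02-03:04:05.000001  [**] [1:1000001:1] EXAMPLE ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40001 -> 10.0.0.5:22
01/02-03:04:06.000001  [**] [1:1000001:1] EXAMPLE ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40002 -> 10.0.0.5:22
01/02-03:04:07.000001  [**] [1:1000002:1] EXAMPLE ssh brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:40003 -> 10.0.0.5:22
01/02-03:04:08.000001  [**] [1:1000001:1] EXAMPLE ssh probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40004 -> 10.0.0.6:22
01/02-03:04:09.000001  [**] [1:1000003:2] EXAMPLE icmp sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 10.0.0.5
01/02-03:04:10.000001  [**] [1:1000003:2] EXAMPLE icmp sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 10.0.0.5
this line is not an alert and must be skipped
`;

// One alert_fast line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
// [Priority: n] {PROTO} src[:port] -> dst[:port]. Ports are absent for ICMP.
const FAST_RE = new RegExp(
  String.raw`^\S+\s+\[\*\*\]\s+\[(\d+:\d+:\d+)\]\s+(.+?)\s+\[\*\*\]\s+` +
  String.raw`(?:\[Classification:[^\]]*\]\s+)?(?:\[Priority:\s*(\d+)\]\s+)?` +
  String.raw`\{(\w+)\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?\s+->\s+` +
  String.raw`(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?\s*$`
);

// Parse one line; returns null for anything that is not an alert_fast record.
function parseFastAlert(line) {
  const m = FAST_RE.exec(line);
  if (!m) return null;
  return {
    sid: m[1],
    msg: m[2],
    priority: m[3] === undefined ? null : Number(m[3]), // Snort: 1 is most severe
    proto: m[4],
    src: m[5],
    sport: m[6] === undefined ? null : Number(m[6]),
    dst: m[7],
    dport: m[8] === undefined ? null : Number(m[8]),
  };
}

// Build the graph: nodes keyed by IP, links keyed by directed (src, dst) pair.
// Thousands of alerts between the same hosts become one weighted link, which
// is why the alert count is far larger than the node/edge count.
function buildGraph(text) {
  const nodes = new Map();
  const links = new Map();
  let alerts = 0;
  for (const line of text.split('\n')) {
    const a = parseFastAlert(line);
    if (!a) continue;
    alerts += 1;
    for (const ip of [a.src, a.dst]) {
      if (!nodes.has(ip)) nodes.set(ip, { id: ip, alerts: 0 });
      nodes.get(ip).alerts += 1;
    }
    const key = `${a.src}>${a.dst}`;
    if (!links.has(key)) {
      links.set(key, { source: a.src, target: a.dst, count: 0, sids: new Set(), minPriority: null });
    }
    const l = links.get(key);
    l.count += 1;
    l.sids.add(a.sid);
    if (a.priority !== null && (l.minPriority === null || a.priority < l.minPriority)) {
      l.minPriority = a.priority;
    }
  }
  return {
    alerts,
    nodes: [...nodes.values()],
    links: [...links.values()].map(l => ({ ...l, sids: [...l.sids] })),
  };
}

// Rank links by alert volume, then by severity, so a 2D view can be cut down
// to the top-N edges instead of drawing every pair.
function topLinks(graph, n) {
  const byPriority = p => (p === null ? Infinity : p);
  return [...graph.links]
    .sort((a, b) => b.count - a.count || byPriority(a.minPriority) - byPriority(b.minPriority))
    .slice(0, n);
}

const graph = buildGraph(SAMPLE_ALERTS);
console.log(`${graph.alerts} alerts -> ${graph.nodes.length} nodes, ${graph.links.length} links`);
console.log(JSON.stringify(topLinks(graph, 2), null, 2));
```

The returned `nodes` and `links` arrays are in the shape `d3.forceSimulation(nodes).force('link', d3.forceLink(links).id(d => d.id))` expects; `count` is a natural choice for link width or length, and `minPriority` for colour, so the few high-severity edges stay visible even when the full graph is too dense to read.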

Snort Alerts - FDG

Below is a quick screenshot of the same set of over 19000 Snort IDS alerts represented by around 2000 nodes and 2000 edges, created as a radial-tree cluster using D3. This is also not a good way to visualize large data sets. It’s not scalable, and the text labels cannot be read.

Snort IDS Alerts - Radial Cluster

Finally, in contrast, below are two quick screenshots of the same set of 1900+ Snort IDS alerts representing around 4000 nodes and edges (same data set as above), created as a force-directed graph using Unity 3D. This scales OK; the resolution of this visual is limited by the very slow graphics card in my 3-year-old MacBook Air.

Snort IDS Alerts - 3D

I took these screenshots on a 13″ MacBook Air projected onto a 34″ gaming monitor, so the resolution is not good and the graphics are not very good quality (too lazy to retake the pics) but you get the idea.

Large data sets do not scale in 2D.

This morning my IDS alert file shows 13952 Snort alerts, 1678 nodes and about the same number of edges (about twice as many as the quick snaps above). The limits of the visualization are constrained by the performance of my graphics card. I’m going to solve this scaling problem and build a top-of-the-line 3D/VR-capable gaming computer soon (Intel i7 CPU, Nvidia 1080 GPU, etc.), test the limits of the current state of the art, and post back on this in a few weeks.