When performing packet-level analysis in intrusion detection, analysts often lose sight of the "big picture" while examining these low-level details. In order to prevent this loss of context and augment the available tools for intrusion detection analysis tasks, we developed an information visualization tool, the Time-based Network traffic Visualizer (TNV). TNV is grounded in an understanding of the work practices of intrusion detection analysts, particularly foregrounding the overarching importance of context and time in the process of intrusion detection analysis. The main visual component of TNV is a matrix showing network activity of hosts over time, with connections between hosts superimposed on the matrix, complemented by multiple, linked views showing port activity and the details of the raw packets. Providing low-level textual data in the context of a high-level, aggregated graphical display enables analysts to examine packet-level details within the larger context of activity. This combination has the potential to facilitate the intrusion detection analysis tasks and help novice analysts learn what constitutes "normal" on a particular network.
Human use of land is a major cause of the global environmental changes that define the Anthropocene. Archaeological and paleoecological evidence confirm that human populations and their use of land transformed ecosystems at sites around the world by the late Pleistocene, and historical models indicate this transformation may have reached globally significant levels more than 3000 years ago. Yet these data in themselves remain insufficient to conclusively date the emergence of land use as a global force transforming the biosphere, with plausible dates ranging from the late Pleistocene to AD 1800. Conclusive empirical dating of human transformation of the terrestrial biosphere will require unprecedented levels of investment in sustained interdisciplinary collaboration and the development of a geospatial cyberinfrastructure to collate and integrate the field observations of archaeologists, paleoecologists, paleoenvironmental scientists, environmental historians, geoscientists, geographers and other human and environmental scientists globally from the Pleistocene to the present. Existing field observations may yet prove insufficient in terms of their spatial and temporal coverage, but by assessing these observations within a spatially explicit, statistically robust global framework, major observational gaps can be identified, stimulating data gathering in underrepresented regions and time periods. Like the Anthropocene itself, building scientific understanding of the human role in shaping the biosphere requires both sustained effort and leveraging the most powerful social systems and technologies ever developed on this planet.
Boundary objects are a critical, but understudied, theoretical construct in CSCW. Through a field study of aircraft technical support, we examined the role of boundary objects in the practical achievement of safety by service engineers. Their resolution of repair requests was preserved in the organization's memory via three compound boundary objects. These crystallizations did not manifest a static interpretation, but instead were continually reinterpreted in light of meta-negotiations. This suggests design implications for organizational memory systems which can more fluidly represent the meta-negotiations surrounding boundary objects.
Purpose: The paper seeks to provide a foundational understanding of the socio-technical system that is computer network intrusion detection, including the nature of the knowledge work, situated expertise, and processes of learning as supported by information technology.

Design/methodology/approach: The authors conducted a field study to explore the work of computer network intrusion detection using multiple data collection methods, including semi-structured interviews, examination of security tools and resources, analysis of information security mailing list posts, and attendance at several domain-specific user group meetings.

Findings: The work practice of intrusion detection analysts involves both domain expertise of networking and security and a high degree of situated expertise and problem-solving activities that are not predefined and evolve with the dynamically changing context of the analyst's environment. This paper highlights the learning process needed to acquire these two types of knowledge, contrasting this work practice with that of computer systems administrators.

Research limitations/implications: The research establishes a baseline for future research into the domain and practice of intrusion detection, and, more broadly, information security.

Practical implications: The results presented here provide a critical examination of current security practices that will be useful to developers of intrusion detection support tools, information security training programs, information security management, and for practitioners themselves.

Originality/value: There has been no research examining the work or expertise development processes specific to the increasingly important information security practice of intrusion detection. The paper provides a foundation for future research into understanding this highly complex, dynamic work.