A visualization paradigm for network intrusion detection

Livnat, Yarden; Agutter, James; Moon, Sung M.; Erbacher, Robert F.; Foresti, Stefano

doi:10.1109/iaw.2005.1495939

Cited by 74 publications

(57 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Rigorous scientific testing has demonstrated that dwelling in such data representation architectures allows people (i.e., network managers, traders, anesthesiologists, etc.) to make more accurate, faster, and better decisions than with existing systems [26,37,30,[42][43][44][53][54][55][56][57][58]. And they can do so while with reducing their cognitive load, stress, and training time.…”

Section: Discussionmentioning

confidence: 99%

Architectural Research in Information Visualization: 10 Years after

Bermúdez

Agutter

Foresti

2006

International Journal of Architectural Computing

View full text Add to dashboard Cite

As our civilization dives deeper into the information age, making sense of ever more complex and larger amounts of data becomes critical.This article reports on interdisciplinary work in Information Visualization addressing this challenge and using architectural expertise as its main engine.The goal of this research is to significantly improve real time decision making in complex data spaces while devising a new architecture that responds to complex information environments. Although we have been reporting in aspects of this work for the past 7 years, this paper covers unpublished knowledge, design methods, operational strategies, and other details that bring together all the material published by our group thus far into a comprehensive and useful whole.We conclude by presenting our latest InfoVis design work in Network Security.

show abstract

Section: Discussionmentioning

confidence: 99%

Architectural Research in Information Visualization: 10 Years after

Bermúdez

Agutter

Foresti

2006

International Journal of Architectural Computing

View full text Add to dashboard Cite

show abstract

“…On the other hand, a longer periodicity could lead to a frame that does not have much connection to the frame displayed before the last refresh. The periodicity should be defined such that there is a balance the two issues, so that the frame of data that appears after the last refresh is not vastly different from the frame just before the refresh [6].…”

Section: ) Visualization Techniquementioning

confidence: 99%

Framework for Visualizing Browsing Patterns Captured in Computer Logs Using Data Mining Techniques

Fernandez¹,

Fetais²

2016

IJCIS

View full text Add to dashboard Cite

show abstract

“…Certain elements of the data are of key importance to the operator at this stage: event severity, target and time, or "the W3 of What, Where, When" [11]. These represent the minimum dimensionality that can be known in order to start building an actionable model of the situation (the date, time, IP and priority fields in the IDS alert logs).…”

Section: ) Monitoringmentioning

confidence: 99%

Pianola - Visualization of Multivariate Time-Series Security Event Data

Thomson¹,

Graham

Kennedy

2013

2013 17th International Conference on Information Visualisation

View full text Add to dashboard Cite

Abstract-Monitoring log files for network intrusions is unwieldy. To build a mental model of the log, an analyst is required to recognise continuous timelines and attack patterns from a dataset that is essentially limited to an ordered list of events. Information Visualization techniques arrange data into directly perceivable visual patterns that may alleviate some overheads associated with interpreting these datasets and improve the ability of users, especially those in resourcestretched Small and Medium sized Businesses (SMBs), to make sense of activity patterns in Intrusion Detection System (IDS) event logs. To this end, we discuss existing network security visualizations for IDS logs and after examining the strengths and drawbacks of those applications we have prototyped a visualization tool, Pianola, that arranges events on multiple timelines to reveal patterns both in time and across a network. The tool was evaluated against the traditional use of commandline interface (CLI)-based tools for analyzing network security events and displayed significant improvements in both recognition and detection of attacks and reduction in the users' subjective workload, measured using the NASA Task Load index (TLX).

show abstract

A visualization paradigm for network intrusion detection

Cited by 74 publications

References 10 publications

Architectural Research in Information Visualization: 10 Years after

Architectural Research in Information Visualization: 10 Years after

Framework for Visualizing Browsing Patterns Captured in Computer Logs Using Data Mining Techniques

Pianola - Visualization of Multivariate Time-Series Security Event Data

Contact Info

Product

Resources

About