Flexible web visualization for alert-based network security analytics

Hao, Lihua; Healey, Christopher G.; Hutchinson, Steve

doi:10.1145/2517957.2517962

Cited by 18 publications

(14 citation statements)

References 14 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, several histograms are provided with dual purposes: to give an overview of the data and to guide users in their analysis. Hao et al [146] also describe a web-based visualization system designed for network security analysts at the U.S. Army Research Laboratory (ARL). This tool aims at visual support to the analysts to give better insights about security alerts for malicious activity within their systems.…”

Section: B State Of the Artmentioning

confidence: 99%

A Survey on Information Visualization for Network and Service Management

Guimaraes

Freitas

Sadre

et al. 2016

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Network and service management encompasses a set of activities, methods, procedures, and tools whose ultimate goal is to guarantee the proper functioning of a networked system. Computational tools are essential to help network administrators in their daily tasks, and information visualization techniques are of great value in such context. In essence, information visualization techniques associated to visual analytics aim at facilitating the tasks of network administrators in the process of monitoring and maintaining the network health. This paper surveys the use of information visualization techniques as a tool to support the network and service management process. Through a Systematic Literature Review (SLR), we provide a historical overview and discuss the current state of the art in the field. We present a classification of 285 articles and papers from 1985 to 2013, according to an information visualization taxonomy as well as a network and service management taxonomy. Finally, we point out future research directions and opportunities regarding the use of information visualization in network and service management.Taking into account the example mentioned above, [15] and [17] are examples of articles/papers that match with the research goal. Thus, they are stored and cataloged, and their references are verified. In the analysis of the references of [15], for example, we found the work of Koike et al. "Visualizing cyber attacks using IP matrix" [19]. On the other hand, [16] is an example of a work that was discarded after the analysis of the abstract and keywords (i.e., the second step of filtering).Once finished the search process, a set of 374 articles and papers remained selected. These publications are from a time interval ranging from 1985 to 2013.

show abstract

Section: B State Of the Artmentioning

confidence: 99%

A Survey on Information Visualization for Network and Service Management

Guimaraes

Freitas

Sadre

et al. 2016

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…Many authors of the VizSec papers are not consistent in their use of these terms. Most usage scenarios are reported in a section called "case study," and others have reported their formal case studies under other names, such as an "example analysis session" [17]. Usage scenarios can serve a purpose, but it is important to note that a lack of connection back to real users or real data (or both) may question the validity and utility of the evaluated tool.…”

Section: Evaluation Using Case Studiesmentioning

confidence: 99%

Visualization evaluation for cyber security

Staheli

Crouser

et al. 2014

Proceedings of the Eleventh Workshop on Visualization for Cyber Security

View full text Add to dashboard Cite

The Visualization for Cyber Security research community (VizSec) addresses longstanding challenges in cyber security by adapting and evaluating information visualization techniques with application to the cyber security domain. This research effort has created many tools and techniques that could be applied to improve cyber security, yet the community has not yet established unified standards for evaluating these approaches to predict their operational validity. In this paper, we survey and categorize the evaluation metrics, components, and techniques that have been utilized in the past decade of VizSec research literature. We also discuss existing methodological gaps in evaluating visualization in cyber security, and suggest potential avenues for future research in order to help establish an agenda for advancing the state-of-the-art in evaluating cyber security visualizations.

show abstract

“…The cluster tree visualization allows analysts to interactively choose subsets of members to compare, analyze and visualize, allowing them to efficiently discover traffic with similar or unique patterns. It also meets the design requirements demonstrated in our prototype security visualization system, built in the collaboration with security analysts at the U.S. Army Research Laboratory (ARL) [8]:…”

Section: Introductionmentioning

confidence: 69%

Ensemble visualization for cyber situation awareness of network security data

Hao

Healey

Hutchinson

2015

2015 IEEE Symposium on Visualization for Cyber Security (VizSec)

Self Cite

View full text Add to dashboard Cite

Network security analysis and ensemble data visualization are two active research areas. Although they are treated as separate domains, they share many common challenges and characteristics. Both focus on scalability, time-dependent data analytics, and exploration of patterns and unusual behaviors in large datasets. These overlaps provide an opportunity to apply ensemble visualization research to improve network security analysis. To study this goal, we propose methods to interpret network security alerts and flow traffic as ensemble members. We can then apply ensemble visualization techniques in a network analysis environment to produce a network ensemble visualization system. Including ensemble representations provide new, in-depth insights into relationships between alerts and flow traffic. Analysts can cluster traffic with similar behavior and identify traffic with unusual patterns, something that is difficult to achieve with high-level overviews of large network datasets. Furthermore, our ensemble approach facilitates analysis of relationships between alerts and flow traffic, improves scalability, maintains accessibility and configurability, and is designed to fit our analysts' working environment, mental models, and problem solving strategies.

show abstract

Flexible web visualization for alert-based network security analytics

Cited by 18 publications

References 14 publications

A Survey on Information Visualization for Network and Service Management

A Survey on Information Visualization for Network and Service Management

Visualization evaluation for cyber security

Ensemble visualization for cyber situation awareness of network security data

Contact Info

Product

Resources

About