Geovisual analytics for cyber security: Adopting the GeoViz Toolkit

Giacobe, Nicklaus A.; Xu, Sen

doi:10.1109/vast.2011.6102491

Cited by 10 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Each block in the heat map represents a record in a log file, arranged in a day (Y axis) to hour (X axis) way with varying colors indicating different sources of logs files. Another example of pixel map design is the system developed by Nicklaus et al [10], which include a bivariate geomap view, a scatterplot view, a parallel coordinate plots view, and a histogram view. Alert frequency and types are clearly described in this design.…”

Section: Single Event Based Visualizationmentioning

confidence: 99%

A survey of network anomaly visualization

Zhang

Wang

et al. 2017

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Network anomaly analysis is an emerging subtopic of network security. Network anomaly refers to the unusual behavior of network devices or suspicious network status. A number of intelligent visual tools are developed to enhance the ability of network security analysts in understanding the original data, ultimately solving network security problems. This paper surveys current progress and trends in network anomaly visualization. By providing an overview of network anomaly data, visualization tasks, and applications, we further elaborate on existing methods to depict various data features of network alerts, anomalous traffic, and attack patterns data. Directions for future studies are outlined at the end of this paper.

show abstract

Section: Single Event Based Visualizationmentioning

confidence: 99%

A survey of network anomaly visualization

Zhang

Wang

et al. 2017

Sci. China Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…The work in [5] allows for inspecting geographical and time dependent logs, while [9] relies on a geographic representation of the resources, using the GeoViz tooolkit [12]; conversely, we use composite nodes and resources are first aggregated and mapped or directly mapped, according to their cardinality and space constraints. In [11] is proposed the integration of geographical and logical representations.…”

Section: Related Workmentioning

confidence: 99%

Cyber situational awareness: from geographical alerts to high-level management

Angelini

Santucci

2016

J Vis

View full text Add to dashboard Cite

This paper focuses on cyber situational awareness and describes a visual analytics solution for monitoring and putting in tight relation data from network level with the organization business. The goal of the proposed solution is to make different security profiles (network security officer, network security manager, and financial security manager) aware of the actual network state (e.g., risk and attack progress) and the impact it actually has on the business tasks, making clear the relationships that exist between the network level and the business level. The proposed solution is instantiated on the ACEA infrastructure, the Italian company that provides power and water purification services to cities in central Italy (millions of end users

show abstract

“…We processed raw data from the 2011 VAST Challenge 1 (Mini-Challenge 2) to create two "training" scenarios and two "performance" scenarios in both of the interfaces. Raw data was converted into a frequency-based interpretation of the events, as we have done previously (Giacobe & Xu, 2011). Raw data from the vulnerability scan, firewall, Snort IDS system and Windows server were processed into the appropriate hourly summation data types.…”

Section: Development Of Simulation Scenariosmentioning

confidence: 99%

A Picture is Worth a Thousand Alerts

Giacobe

2013

Proceedings of the Human Factors and Ergonomics Society Annual

Self Cite

View full text Add to dashboard Cite

Situation awareness (SA) in cyber-security is difficult to measure, yet new tools from research and industry promise improved cyber SA. This paper describes a human-subjects experiment using a high task fidelity cyber-security simulator. Participants from two groups (novice and experienced) were recruited and assigned to one of two interfaces (text and visual analytic), in a 2x2 between-subjects experimental design. The underlying cyber-security data presented to participants was the same for each interface, and included intrusion detection, firewall and vulnerability scan reports spanning the same time period. The participant's situation awareness was measured using different techniques including a freeze-probe, post-trial assessments of perceived workload and perceived SA as well as a measure of task effectiveness. Comparison of the results indicate that this multi-method approach of cognitive assessment may be useful in understanding a phenomenon like SA, especially where tasks are complex and virtual such as is common in cyber-security.

show abstract

Geovisual analytics for cyber security: Adopting the GeoViz Toolkit

Cited by 10 publications

References 5 publications

A survey of network anomaly visualization

A survey of network anomaly visualization

Cyber situational awareness: from geographical alerts to high-level management

A Picture is Worth a Thousand Alerts

Contact Info

Product

Resources

About