Visual correlation of network alerts

Foresti, Stefano; Agutter, James; Livnat, Yarden; Moon, Sung M.; Erbacher, Robert F.

doi:10.1109/mcg.2006.49

Cited by 56 publications

(43 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rigorous scientific testing has demonstrated that dwelling in such data representation architectures allows people (i.e., network managers, traders, anesthesiologists, etc.) to make more accurate, faster, and better decisions than with existing systems [26,37,30,[42][43][44][53][54][55][56][57][58]. And they can do so while with reducing their cognitive load, stress, and training time.…”

Section: Discussionmentioning

confidence: 99%

Architectural Research in Information Visualization: 10 Years after

Bermúdez

Agutter

Foresti

2006

International Journal of Architectural Computing

View full text Add to dashboard Cite

As our civilization dives deeper into the information age, making sense of ever more complex and larger amounts of data becomes critical.This article reports on interdisciplinary work in Information Visualization addressing this challenge and using architectural expertise as its main engine.The goal of this research is to significantly improve real time decision making in complex data spaces while devising a new architecture that responds to complex information environments. Although we have been reporting in aspects of this work for the past 7 years, this paper covers unpublished knowledge, design methods, operational strategies, and other details that bring together all the material published by our group thus far into a comprehensive and useful whole.We conclude by presenting our latest InfoVis design work in Network Security.

show abstract

Section: Discussionmentioning

confidence: 99%

Architectural Research in Information Visualization: 10 Years after

Bermúdez

Agutter

Foresti

2006

International Journal of Architectural Computing

View full text Add to dashboard Cite

show abstract

“…Therefore, providing a meaningful visualization requires having a good understanding of the user, the problem, and the information to is a visualization tool that integrates log and alert files into an intuitive visualization that is a mix between a topology map and concentric circles around the outside similar to a ring chart. This visualization shows alert type by colorger node size to show more alerts, and a larger REFLEX is a solution where user, application, source, and coordinates in order to show the relationships between the occurring events [24].…”

Section: ) Datamentioning

confidence: 99%

Security visualization: Cyber security storm map and event correlation

Ferebee

Dasgupta

Schmidt

et al. 2011

2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)

View full text Add to dashboard Cite

Abstract-Efficient visualization of cyber incidents is the key in securing increasing complex information infrastructure. Extrapolating security-related information from data from multiple sources can be a daunting task for organizations to maintain safe and secure operating environment. However, meaningful visualizations can significantly improve decisionmaking quality and help security administrators in taking rapid response. The purpose of this work is to explore this possibility by building on previously gained knowledge and understanding of weather maps used in meteorology, assessing the gaps, and applying various techniques and matrices to quantify the impacts of cyber incidences in an efficient way.

show abstract

“…Applications like MieLog [19] or Tudumi [20] use logs collected directly on the endpoints. On the other hand, RainStorm [1], SnortView [13], STARMINE [12], VisAlert [8], or other visualization-based tools that use an hybrid approach [11], visualize alarms generated by traditional security systems (e.g, IDS). This last kind of systems are the most similar to ours in that they visually correlate alarms and network resources.…”

Section: Background and Related Workmentioning

confidence: 99%

“…Current prototypes focus on visualizing (in near real time) either network traffic [25] [14][6] [9] or network alarms [1] [13] [8], rarely a mix of them, and to place them in a context that helps in understanding their nature. Some of them use raw data coming from traffic logs, some others employ preprocessed/digested data.…”

Section: Introductionmentioning

confidence: 99%

SpiralView: Towards Security Policies Assessment through Visual Correlation of Network Resources with Evolution of Alarms

Bertini

Hertzog

Lalanne

2007

2007 IEEE Symposium on Visual Analytics Science and Technology

View full text Add to dashboard Cite

This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during and extended period of time. The tool permits to reason about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaningful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.

show abstract

Visual correlation of network alerts

Cited by 56 publications

References 10 publications

Architectural Research in Information Visualization: 10 Years after

Architectural Research in Information Visualization: 10 Years after

Security visualization: Cyber security storm map and event correlation

SpiralView: Towards Security Policies Assessment through Visual Correlation of Network Resources with Evolution of Alarms

Contact Info

Product

Resources

About