Visualization of security event logs across multiple networks and its application to a CSOC

Song, Boyeon; Choi, Jangwon; Choi, Sang-Soo; Song, Jungsuk

doi:10.1007/s10586-017-1317-2

Cited by 7 publications

(6 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Considering literature about data collection specifically for SOCs, there are only two notable papers: [111] and [22]. This is probably because most SOCs deploy a software solution responsible for collecting, processing, analyzing, and displaying events and alerts [112] and thus data collection is addressed in a more technical context. Bridges et al [111] conduct interviews with 13 professionals from five different SOCs to discover the current state-of-the-art and future directions for host-based data collection.…”

Section: ) Preparationmentioning

confidence: 99%

“…Data Collection [37], [47], [80], [103], [104], [107], [111], [127]- [132] Analysis & Detection [13], [35], [41], [43], [55], [56], [84], [133]- [157] Presentation [9], [12], [13], [80], [97], [99], [112], [127], [158]- [170] V-B2). As the interface between people and machines, the presentation of data and analysis results is of particular interest in a SOC context.…”

Section: Technology Referencesmentioning

confidence: 99%

“…In contrast to the approaches described above, the CyberCOP [12], [99], [160] platform relies on three-dimensional visualization. The VISNU project [112], [161], [162] takes a similar approach, which improves the collaboration of multiple SOCs in different organizations by displaying network data in three dimensions. Thereby, they aim at the collaboration of multiple analysts in one environment by providing different views on the same incident.…”

Section: ) Presentationmentioning

confidence: 99%

See 2 more Smart Citations

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

Section: ) Preparationmentioning

confidence: 99%

Section: Technology Referencesmentioning

confidence: 99%

Section: ) Presentationmentioning

confidence: 99%

See 1 more Smart Citation

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

“…The VisIDAC [11] system enables real-time visualisation of 3D data of security event log collection detected by intrusion detection systems installed in many networks. Event data are displayed in a graphical form on three panels: for global source networks, target networks and global destination networks.…”

Section: Tabs Switch Views Of the Applicationmentioning

confidence: 99%

Utilisation of Embodied Agents in the Design of Smart Human–Computer Interfaces—A Case Study in Cyberspace Event Visualisation Control

et al. 2020

View full text Add to dashboard Cite

The goal of the research reported here was to investigate whether the design methodology utilising embodied agents can be applied to produce a multi-modal human–computer interface for cyberspace events visualisation control. This methodology requires that the designed system structure be defined in terms of cooperating agents having well-defined internal components exhibiting specified behaviours. System activities are defined in terms of finite state machines and behaviours parameterised by transition functions. In the investigated case the multi-modal interface is a component of the Operational Centre which is a part of the National Cybersecurity Platform. Embodied agents have been successfully used in the design of robotic systems. However robots operate in physical environments, while cyberspace events visualisation involves cyberspace, thus the applied design methodology required a different definition of the environment. It had to encompass the physical environment in which the operator acts and the computer screen where the results of those actions are presented. Smart human–computer interaction (HCI) is a time-aware, dynamic process in which two parties communicate via different modalities, e.g., voice, gesture, eye movement. The use of computer vision and machine intelligence techniques are essential when the human is carrying an exhausting and concentration demanding activity. The main role of this interface is to support security analysts and operators controlling visualisation of cyberspace events like incidents or cyber attacks especially when manipulating graphical information. Visualisation control modalities include visual gesture- and voice-based commands.

show abstract

“…System VisIDAC [32] umożliwia w czasie rzeczywistym wizualizacje 3D danych o zdarzeniach dotyczących cyberbezpieczeństwa, zebranych przez systemy wykrywania włamań zainstalowane w różnych sieciach. Dane o zdarzeniach są wyświetlane w postaci graficznej na trzech panelach: dla wejściowego, wyjściowego i docelowego ruchu sieciowego.…”

unclassified

Agent Structure of Multimodal User Interface to the National Cybersecurity Platform – Part 1

Kasprzak¹,

Szynkiewicz²,

Stefańczyk³

et al. 2019

PAR

View full text Add to dashboard Cite

Zezwala się na korzystanie z artykułu na warunkach licencji Creative Commons Uznanie autorstwa 3.0 1. Wprowadzenie Termin cyberbezpieczeństwo odnosi się do zbioru zagadnień związanych z zapewnieniem bezpieczeństwa użytkowania sieci komputerowych, a w szczególności Internetu. Dotyczy on zabezpieczenia infrastruktury sieciowej używanej przez agendy państwa, prywatne korporacje oraz indywidualnych użytkowników przed cyberatakami. Działania związane z cyberbezpieczeństwem przede wszystkim koncentrują się na zapobieganiu cyberatakom, ale jeżeli one już nastąpią, to na maksymalnym ograniczeniu ich skutków. Podstawowym celem jest zapobieganie wyciekom danych oraz udaremnianie ataków polegających na uniemożliwianiu realizacji usług dostarczanych przez sieć. Stopień zależności współczesnych państw od systemów teleinformatycznych osiągnął taki poziom, że przypadkowe lub zamierzone uszkodzenie tej infrastruktury może pociągnąć za sobą

show abstract

Visualization of security event logs across multiple networks and its application to a CSOC

Cited by 7 publications

References 14 publications

Security Operations Center: A Systematic Study and Open Challenges

Security Operations Center: A Systematic Study and Open Challenges

Utilisation of Embodied Agents in the Design of Smart Human–Computer Interfaces—A Case Study in Cyberspace Event Visualisation Control

Agent Structure of Multimodal User Interface to the National Cybersecurity Platform – Part 1

Contact Info

Product

Resources

About