This paper describes a web-based visualization system designed for network security analysts at the U.S. Army Research Laboratory (ARL). Our goal is to provide visual support to the analysts as they investigate security alerts for malicious activity within their systems. Our ARL collaborators identified a number of important requirements for any candidate visualization system. These relate to the analyst's mental models and working environment, and to the visualization tool's configurability, accessibility, scalability, and "fit" with existing analysis strategies. To meet these requirements, we designed and implemented a web-based tool that uses different types of charts as its core representation framework. A JavaScript charting library (RGraph) was extended to provide the interface flexibility and correlation capabilities needed to support analysts as they explore different hypotheses about a potential attack. We describe key elements of our design, explain how an analyst's intent is used to generate different visualizations, and show how the system's interface allows an analyst to rapidly produce a sequence of visualizations to explore specific details about a potential attack as they arise. We conclude with a discussion of plans to further improve the system, and to collect feedback from our ARL colleagues on its strengths and limitations in real-world analysis scenarios.