A user-centered approach to visualizing network traffic for intrusion detection

Authors:
John R. Goodall;A. Ant Ozok;Wayne G. Lutters;Penny Rheingans;Anita Komlodi
Affiliations:
UMBC, Baltimore, MD;UMBC, Baltimore, MD;UMBC, Baltimore, MD;UMBC, Baltimore, MD;UMBC, Baltimore, MD
Venue:
CHI '05 Extended Abstracts on Human Factors in Computing Systems
Year:
2005

Citing 6
Cited 9

Visualizing Network Data

IEEE Transactions on Visualization and Computer Graphics
VisFlowConnect: netflow visualizations of link relationships for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
PortVis: a tool for port-based detection of security events

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
I know my network: collaboration and expertise in intrusion detection

CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
An Information Visualization Framework for Intrusion Detection

CHI '04 Extended Abstracts on Human Factors in Computing Systems
Intrusion and misuse detection in large-scale systems

IEEE Computer Graphics and Applications

Focusing on Context in Network Traffic Analysis

IEEE Computer Graphics and Applications
Visualizing network traffic for intrusion detection

DIS '06 Proceedings of the 6th conference on Designing Interactive systems
Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Progressive multiples for communication-minded visualization

GI '07 Proceedings of Graphics Interface 2007
A Component-Based Framework for Visualization of Intrusion Detection Events

Information Security Journal: A Global Perspective
Database and database application security

ITiCSE '09 Proceedings of the 14th annual ACM SIGCSE conference on Innovation and technology in computer science education
User-Centered Development of a Visual Exploration System for In-Car Communication

SG '09 Proceedings of the 10th International Symposium on Smart Graphics
Domain Specific Intended Use Evaluation Method: Intrusion Detection Specific Intended Use Evaluation Method

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Proposing a multi-touch interface for intrusion detection environments

Proceedings of the Seventh International Symposium on Visualization for Cyber Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection (ID) analysts are charged with ensuring the safety and integrity of today's high-speed computer networks. Their work includes the complex task of searching for indications of attacks and misuse in vast amounts of network data. Although there are several information visualization tools to support ID, few are grounded in a thorough understanding of the work ID analysts perform or include any empirical evaluation. We present a user-centered visualization based on our understanding of the work of ID and the needs of analysts derived from the first significant user study of ID. The tool presents analysts with both 'at a glance' understanding of network activity, and low-level network link details. Results from preliminary usability testing show that users performed better and found easier those tasks dealing with network state in comparison to network link tasks.