This paper explores the application of visualization techniques to aid in the analysis of malicious and non-malicious binary objects. These objects may include any logically distinct chunks of binary data such as image files, word processing documents and network packets. To facilitate this analysis, we present a novel visualization technique for comparing and navigating among 600-1000+ such objects at one time. While the visualization technique alone has powerful application for both directed and undirected exploration of many classes of binary objects, we chose to study network packets. To increase effectiveness, we strengthened the visualization technique with novel, domain-specific semantic zooming, interactive encoding and dynamic querying capabilities. We present results and lessons learned from implementing these techniques and from studying both malicious and non-malicious network packets. Our results indicate that the information visualization system we present is an efficient and effective way to compare large numbers of network packets, visually examine their payloads and navigate to areas of interest within large network datasets.