Visualization assisted detection of sybil attacks in wireless networks
Proceedings of the 3rd international workshop on Visualization for computer security
CluVis: dual-domain visual exploration of cluster/network metadata
ACM-SE 45 Proceedings of the 45th annual southeast regional conference
Interactive wormhole detection and evaluation
Information Visualization
Topnet: a network-aware top(1)
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Automated tracing and visualization of software security structure and properties
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
| Hi-index | 0.00 |
Anomalous communication patterns are one of the leading indicators of computer system intrusions according to the system administrators we have interviewed. But a major problem is being able to correlate across the host/network boundary to see how network connections are related to running processes on a host. This paper introduces Portall, a visualization tool that gives system administrators a view of the communicating processes on the monitored machine correlated with the network activity in which the processes participate. Portall is a prototype of part of the Network Eye framework we have introduced in an earlier paper [1]. We discuss the Portall visualization, the supporting infrastructure it requires, and a formative usability study we conducted to obtain administrators' reactions to the tool.