This paper presents the Intrusion Detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.