When performing packet-level analysis in intrusion detection, analysts often lose sight of the "big picture" while examining these low-level details. To prevent this loss of context and augment the available tools for intrusion detection analysis tasks, we developed an information visualization tool, the Time-based Network traffic Visualizer (TNV). TNV is grounded in an understanding of the work practices of intrusion detection analysts, particularly foregrounding the overarching importance of context and time in the process of intrusion detection analysis. The main visual component of TNV is a matrix showing network activity of hosts over time, with connections between hosts superimposed on the matrix, complemented by multiple, linked views showing port activity and the details of the raw packets. Providing low-level textual data in the context of a high-level, aggregated graphical display enables analysts to examine packet-level details within the larger context of activity. This combination has the potential to facilitate intrusion detection analysis tasks and help novice analysts learn what constitutes "normal" on a particular network.