This article presents VisAlert, a novel visual correlation tool that displays network- and host-based alerts from disparate sensors. The approach is based on the fundamental premise that an alert must possess three attributes: what, when, and where. These attributes provide a vehicle for comparing seemingly disparate events. VisAlert facilitates and promotes situational awareness in complex network environments by providing the user with a holistic view of network security to aid in the detection of sophisticated and malicious activities. This visualization was developed with a user-centered, interdisciplinary design methodology using domain analysis, visual design, user feedback, and software implementation. Network analysts and decision makers with experience in large organizational networks were involved in the iterative development process. VisAlert was deployed at the Air Force Research Lab, where it generated a positive response due to its intuitiveness, effectiveness, simplicity, and flexibility, features that enhance the capability of network analysts to detect, diagnose, and respond to difficult-to-detect anomalies.