Intrusion detection analysis requires understanding the context of an event, usually discovered by examining packet-level detail. When analysts attempt to construct the big picture of a security event, they must move between high-level representations and these low-level details. This continual shifting places a substantial cognitive burden on the analyst, who must mentally store and transfer information between these levels of analysis. This article presents an information visualization tool, the time-based network traffic visualizer (TNV), which reduces this burden. TNV augments the available support for discovering and analyzing anomalous or malicious network activity. The system is grounded in an understanding of the work practices of intrusion detection analysts, in particular the overarching importance, within the analysis task, of integrating contextual information into an understanding of the event under investigation. TNV provides low-level textual data and multiple linked visualizations that enable analysts to examine packet-level detail within the larger context of activity.