The detection of known and unknown attacks usually requires the interpretation and presentation of very large amounts of time-oriented security data. Displaying the data by conventional means, such as text or tables, is often ineffective. Furthermore, displaying only raw data is not sufficient, because the security expert is still required to derive meaningful conclusions from large amounts of data. In addition, in many cases (e.g., for detecting a virus spreading in the network), an aggregated view of multiple network devices is more effective than a view of each individual device. In this paper we propose an intelligent interface, used by a distributed architecture that was described in our previous work, that is specific to the tasks of knowledge-based interpretation, summarization, querying, visualization and interactive exploration of large amounts of time-oriented data. In order to support the interpretation and computation process, we provide automated mechanisms that derive context-specific, interval-based abstract interpretations (also known as Temporal Abstractions) from raw time-stamped security data, using a domain-specific knowledge base (e.g., a period of 5 hours, during the night, of a high number of FTP connections within the context of No User Activity, which might indicate the existence of a Trojan on the computer). The proposed visualization tool includes several functionalities for querying, visualization and exploration of both raw and abstracted time-oriented security data regarding single and multiple network devices.
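The abstract describes deriving interval-based, context-specific temporal abstractions from raw time-stamped data with a domain-specific knowledge base, and gives the FTP example. The following Python script is an added illustration of that idea, not code from the paper or its authors: it performs state abstraction of hourly FTP connection counts into qualitative states, concatenates adjacent samples into intervals, derives two context intervals (NIGHT and NO_USER_ACTIVITY) and restricts the HIGH-state intervals to the intersection of both contexts before applying the 5-hour pattern rule. The thresholds, the 22:00 to 06:00 night definition, the knowledge-base layout and all sample data are assumptions constructed for this example; the output is an abstraction for an analyst to review, not a verdict.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical knowledge base (constructed for this example; not the paper's own):
# one raw parameter with its qualitative states, the definition of the NIGHT
# context, and one interval-based pattern that the abstractions should yield.
KNOWLEDGE_BASE = {
    "ftp_connections": {
        "states": [("LOW", 0, 5), ("NORMAL", 5, 20), ("HIGH", 20, float("inf"))],
        "sampling": timedelta(hours=1),   # each sample covers one hour
        "max_gap": timedelta(hours=1),    # tolerate one missing sample when joining
    },
    "night": (22, 6),                     # [22:00, 06:00) counts as NIGHT (assumed)
    "patterns": [{
        "name": "POSSIBLE_TROJAN",        # label for analyst review only
        "state": "HIGH",
        "contexts": {"NO_USER_ACTIVITY", "NIGHT"},
        "min_duration": timedelta(hours=5),
    }],
}

@dataclass(frozen=True)
class Interval:
    start: datetime
    end: datetime
    label: str

def clip(s, e, lo, hi):
    """Intersection of [s, e) with [lo, hi), or None if it is empty."""
    s, e = max(s, lo), min(e, hi)
    return (s, e) if s < e else None

def state_of(value, param):
    """Map a raw value to the qualitative state defined in the knowledge base."""
    for name, lo, hi in KNOWLEDGE_BASE[param]["states"]:
        if lo <= value < hi:
            return name
    raise ValueError(f"no state for {param}={value}")

def abstract_states(samples, param):
    """State abstraction plus interval concatenation: turn (time, value) samples
    into maximal intervals of constant qualitative state."""
    kb, out = KNOWLEDGE_BASE[param], []
    for t, v in sorted(samples):
        label, end = state_of(v, param), t + kb["sampling"]
        if out and out[-1].label == label and t - out[-1].end <= kb["max_gap"]:
            out[-1] = Interval(out[-1].start, end, label)
        else:
            out.append(Interval(t, end, label))
    return out

def night_intervals(w0, w1):
    """NIGHT context intervals inside the observation window [w0, w1)."""
    start_h, end_h = KNOWLEDGE_BASE["night"]
    length = timedelta(hours=(end_h - start_h) % 24)
    day = datetime.combine(w0.date(), datetime.min.time()) - timedelta(days=1)
    out = []
    while day < w1:
        s = day + timedelta(hours=start_h)
        c = clip(s, s + length, w0, w1)
        if c:
            out.append(Interval(*c, "NIGHT"))
        day += timedelta(days=1)
    return out

def no_activity_intervals(sessions, w0, w1):
    """NO_USER_ACTIVITY context: complement of interactive sessions in the window."""
    out, cursor = [], w0
    for s, e in sorted(sessions):
        if s > cursor and cursor < w1:
            out.append(Interval(cursor, min(s, w1), "NO_USER_ACTIVITY"))
        cursor = max(cursor, e)
    if cursor < w1:
        out.append(Interval(cursor, w1, "NO_USER_ACTIVITY"))
    return out

def intersect(a, b, label):
    """Pairwise intersection of two interval lists."""
    return [Interval(*c, label) for x in a for y in b
            if (c := clip(x.start, x.end, y.start, y.end))]

def derive_abstractions(samples, sessions, w0, w1, param="ftp_connections"):
    """Return (state intervals, pattern abstractions) for one device."""
    states = abstract_states(samples, param)
    contexts = {"NIGHT": night_intervals(w0, w1),
                "NO_USER_ACTIVITY": no_activity_intervals(sessions, w0, w1)}
    found = []
    for pat in KNOWLEDGE_BASE["patterns"]:
        ctx = [Interval(w0, w1, "ALL")]
        for name in sorted(pat["contexts"]):   # restrict to every required context
            ctx = intersect(ctx, contexts[name], "+".join(sorted(pat["contexts"])))
        for st in (s for s in states if s.label == pat["state"]):
            for c in ctx:
                clipped = clip(st.start, st.end, c.start, c.end)
                if clipped and clipped[1] - clipped[0] >= pat["min_duration"]:
                    found.append(Interval(*clipped, pat["name"]))
    return states, found

# Constructed hourly FTP-connection counts and one interactive session for a
# single host (made-up sample data, not captured traffic).
SAMPLES = [(datetime(2024, 1, 1, 18) + timedelta(hours=i), n)
           for i, n in enumerate([3, 4, 25, 30, 28, 35, 40, 33, 29, 31, 2, 1, 3, 4])]
SESSIONS = [(datetime(2024, 1, 1, 18), datetime(2024, 1, 1, 23))]
WINDOW = (datetime(2024, 1, 1, 18), datetime(2024, 1, 2, 8))

def run_example():
    return derive_abstractions(SAMPLES, SESSIONS, *WINDOW)

if __name__ == "__main__":
    states, found = run_example()
    for iv in states + found:
        print(f"{iv.start:%m-%d %H:%M} - {iv.end:%m-%d %H:%M}  {iv.label}")
```

On the constructed data the HIGH state spans eight hours (20:00 to 04:00), but the abstraction only covers the five hours that also fall inside both the NIGHT and NO_USER_ACTIVITY contexts (23:00 to 04:00); the same counts observed while a user was logged in produce no abstraction at all, which is the point of interpreting raw data within a context rather than thresholding it in isolation.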