Flowtag: a collaborative attack-analysis, reporting, and sharing tool for security researchers

Authors:
Christopher P. Lee;John A. Copeland
Affiliations:
Georgia Institute of Technology;Georgia Institute of Technology
Venue:
Proceedings of the 3rd international workshop on Visualization for computer security
Year:
2006

Citing 4
Cited 6

Finding and reminding: file organization from the desktop

ACM SIGCHI Bulletin
In pursuit of desktop evolution: User problems and practices with modern desktop systems

ACM Transactions on Computer-Human Interaction (TOCHI)
Passive visual fingerprinting of network attack tools

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Visual Firewall: Real-time Network Security Monito

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security

Puppetnets and botnets: information technology vulnerability exploits that threaten basic internet use

Proceedings of the 4th annual conference on Information security curriculum development
InfoSec technology management of user space and services through security threat gateways

Proceedings of the 4th annual conference on Information security curriculum development
Guidelines for designing IT security management tools

Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology
Toward a Scalable Visualization System for Network Traffic Monitoring

IEICE - Transactions on Information and Systems
Visual analysis of goal-directed network defense decisions

Proceedings of the 8th International Symposium on Visualization for Cyber Security
Interactive analysis of computer scenarios through parallel coordinates graphics

ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current tools for forensic analysis require many hours to understand novel attacks, causing reports to be terse and untimely. We apply visual filtering and tagging of flows in a novel way to address the current limitations of post-attack analysis, reporting, and sharing. We discuss the benefits of visual filtering and tagging of network flows and introduce FlowTag as our prototype tool for Honeynet researchers. We argue that online collaborative analysis benefits security researchers by organizing attacks, collaborating on analysis, forming attack databases for trend analysis, and in promoting new security research areas. Lastly, we show three attacks on the Georgia Tech Honeynet and describe the analysis process using FlowTag.