Current tools for forensic analysis require many hours to understand novel attacks, causing reports to be terse and untimely. We apply visual filtering and tagging of flows in a novel way to address the current limitations of post-attack analysis, reporting, and sharing. We discuss the benefits of visual filtering and tagging of network flows and introduce FlowTag as our prototype tool for Honeynet researchers. We argue that online collaborative analysis benefits security researchers by organizing attacks, collaborating on analysis, forming attack databases for trend analysis, and promoting new security research areas. Lastly, we show three attacks on the Georgia Tech Honeynet and describe the analysis process using FlowTag.