Communications of the ACM
Guidelines for using multiple views in information visualization
AVI '00 Proceedings of the working conference on Advanced visual interfaces
Reading of electronic documents: the usability of linear, fisheye, and overview+detail interfaces
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Visual exploration of large data sets
Communications of the ACM
Focus plus context screens: combining display technology with visualization techniques
Proceedings of the 14th annual ACM symposium on User interface software and technology
Navigation patterns and usability of zoomable user interfaces with and without an overview
ACM Transactions on Computer-Human Interaction (TOCHI)
Image-Browser Taxonomy and Guidelines for Designers
IEEE Software
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Home-centric visualization of network traffic for security administration
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
NVisionIP: netflow visualizations of system state for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
PortVis: a tool for port-based detection of security events
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
I know my network: collaboration and expertise in intrusion detection
CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
A user-centered approach to visualizing network traffic for intrusion detection
CHI '05 Extended Abstracts on Human Factors in Computing Systems
An Information Visualization Framework for Intrusion Detection
CHI '04 Extended Abstracts on Human Factors in Computing Systems
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
IDS RainStorm: Visualizing IDS Alarms
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Preserving the Big Picture: Visual Network Traffic Analysis with TN
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
The challenges of using an intrusion detection system: is it worth the effort?
Proceedings of the 4th symposium on Usable privacy and security
Guidelines for designing IT security management tools
Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology
An intelligent contextual support system for intrusion detection tasks
Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
SOCIALSENSE: Graphical user interface design considerations for social network experiment software
Computers in Human Behavior
Nimble cybersecurity incident management through visualization and defensible recommendations
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
The notion of overview in information visualization
International Journal of Human-Computer Studies
Heuristics for evaluating IT security management tools
Proceedings of the Seventh Symposium on Usable Privacy and Security
Gracoli: a graphical command line user interface
Proceedings of the 2013 conference on Computer supported cooperative work companion
Gracoli: a graphical command line user interface
CHI '13 Extended Abstracts on Human Factors in Computing Systems
| Hi-index | 0.01 |
Intrusion detection (ID) is one of network security engineers' most important tasks. Textual (command-line) and visual interfaces are two common modalities used to support engineers in ID. We conducted a controlled experiment comparing a representative textual and visual interface for ID to develop a deeper understanding about the relative strengths and weaknesses of each. We found that the textual interface allows users to better control the analysis of details of the data through the use of rich, powerful, and flexible commands while the visual interface allows better discovery of new attacks by offering an overview of the current state of the network. With this understanding, we recommend designing a hybrid interface that combines the strengths of textual and visual interfaces for the next generation of tools used for intrusion detection.