Issue No.02 - March/April (2006 vol.26)
pp: 48-59
James Agutter, University of Utah
Yarden Livnat, University of Utah
Shaun Moon, University of Utah
Robert Erbacher, Utah State University
This article presents VisAlert, a novel visual correlation tool that displays network- and host-based alerts from disparate sensors. The approach is based on the fundamental premise that an alert must possess three attributes: what, when, and where. These attributes provide a vehicle for comparing seemingly disparate events. VisAlert facilitates and promotes situational awareness in complex network environments by providing the user with a holistic view of network security to aid in the detection of sophisticated and malicious activities. This visualization was developed with a user-centered, interdisciplinary design methodology using domain analysis, visual design, user feedback, and software implementation. Network analysts and decision makers with experience in large organizational networks were involved in the iterative development process. VisAlert was deployed at the Air Force Research Lab, where it generated a positive response due to its intuitiveness, effectiveness, simplicity, and flexibility, features that enhance the capability of network analysts to detect, diagnose, and respond to difficult-to-detect anomalies.
Visualization, Data Correlation, Situational Awareness, Cybersecurity, Network Intrusion, Network Monitoring, User Centered Design
James Agutter, Yarden Livnat, Shaun Moon, Robert Erbacher, "Visual Correlation of Network Alerts", IEEE Computer Graphics and Applications, vol.26, no. 2, pp. 48-59, March/April 2006, doi:10.1109/MCG.2006.49