Countering Security Information Overload through Alert and Packet Visualization
March/April 2006 (vol. 26 no. 2)
pp. 60-70
Gregory Conti, Georgia Institute of Technology
Kulsoom Abdullah, Georgia Institute of Technology
Julian Grizzard, Georgia Institute of Technology
John Stasko, Georgia Institute of Technology
John A. Copeland, Georgia Institute of Technology
Mustaque Ahamad, Georgia Institute of Technology
Henry L. Owen, Georgia Institute of Technology
Chris Lee, Georgia Institute of Technology
When given the task of securing a network, security analysts and network administrators typically face large volumes of security data that demand analysis. Selectively mapping elements of these data flows to carefully crafted graphical displays can provide rapid insights while actively countering information overload. To this end, this article presents a generic framework for designing such visualization systems as well as results from the end-to-end design and implementation of two highly interactive systems. The first system focuses on increasing the utility of intrusion detection systems by providing information-rich displays of network alerts. The second system provides new methods of visualizing network packets that enable the analyst to efficiently and effectively explore network traffic for malicious activity. To support their findings, the authors present the results of a user requirements study.


Index Terms:
alert visualization, payload visualization, packet visualization, log visualization, network visualization
Citation:
Gregory Conti, Kulsoom Abdullah, Julian Grizzard, John Stasko, John A. Copeland, Mustaque Ahamad, Henry L. Owen, Chris Lee, "Countering Security Information Overload through Alert and Packet Visualization," IEEE Computer Graphics and Applications, vol. 26, no. 2, pp. 60-70, March-April 2006, doi:10.1109/MCG.2006.30