Visual Discovery in Computer Network Defense

Anita D. D'Amico; Jason K. Kopylec; John R. Goodall; Daniel R. Tesone

doi:10.1109/MCG.2007.137

ComputerGraphics
2007
Issue No. 5 - September/October
Abstract - Visual Discovery in Computer Network Defense

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Anita D. D'Amico Articles by John R. Goodall Articles by Daniel R. Tesone Articles by Jason K. Kopylec

Visual Discovery in Computer Network Defense

September/October 2007 (vol. 27 no. 5)

pp. 20-27

	ASCII Text	x
	Anita D. D'Amico, John R. Goodall, Daniel R. Tesone, Jason K. Kopylec, "Visual Discovery in Computer Network Defense," IEEE Computer Graphics and Applications, vol. 27, no. 5, pp. 20-27, September/October, 2007.

	BibTex	x
	@article{ 10.1109/MCG.2007.137, author = {Anita D. D'Amico and John R. Goodall and Daniel R. Tesone and Jason K. Kopylec}, title = {Visual Discovery in Computer Network Defense}, journal ={IEEE Computer Graphics and Applications}, volume = {27}, number = {5}, issn = {0272-1716}, year = {2007}, pages = {20-27}, doi = {http://doi.ieeecomputersociety.org/10.1109/MCG.2007.137}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Computer Graphics and Applications TI - Visual Discovery in Computer Network Defense IS - 5 SN - 0272-1716 SP20 EP27 EPD - 20-27 A1 - Anita D. D'Amico, A1 - John R. Goodall, A1 - Daniel R. Tesone, A1 - Jason K. Kopylec, PY - 2007 KW - visual analytics KW - information visualization KW - information security KW - situational awareness KW - user-centered design VL - 27 JA - IEEE Computer Graphics and Applications ER -

Anita D. D'Amico, Applied Visions

John R. Goodall, Applied Visions

Daniel R. Tesone, Applied Visions

Jason K. Kopylec, Applied Visions

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MCG.2007.137

Computer network defense (CND) requires analysts to detect both known and novel forms of attacks in massive volumes of network data. Visualization tools can potentially assist in the discovery of suspicious patterns of network activity and relationships between seemingly disparate security events, but few CND analysts are leveraging visualization technologies in their current practice. To address this, we created a new visualization framework, VIAssist, based on a comprehensive cognitive task analysis of CND analysts. We designed VIAssist to fit the work practices and operational environments of those analysts. This article describes the major visual analytic features of VIAssist that address the needs of CND analysts, including its coordinated visualizations and interactive report building capabilities. A scenario illustrates how it can be used to discover the unexpected in network flow data.

1. A. D'Amico et al., "Achieving Cyber Defense Situational Awareness: A Cognitive Task Analysis of Information Assurance Analysts," Proc. Human Factors and Ergonomics Soc. 49th Ann. Meeting, HFES Press, 2005, pp. 229–233.
2. A. D'Amico and M. Larkin, "Methods of Visualizing Temporal Patterns in and Mission Impact of Computer Security Breaches," DARPA Information Survivability Conf. and Exposition (DISCEX II), IEEE Press, 2001, pp. 343–354.
3. DTO Reference Data Set 4s4, Skaion Corp., North Chelmsford, Mass., 2005.
1. R.P. Hoffman and D.D. Woods, "Studying Cognitive Systems in Context," Human Factors, vol. 42, no. 1, 2000, pp. 1–7.
1. R.A. Becker, S.G. Eick, and A.R. Wilks, "Visualizing Network Data," IEEE Trans. Visualization and Computer Graphics, vol. 1, no. 1, 1995, pp. 16–28.
2. K. Lakkaraju, W. Yurcik, and A.J. Lee, "NVisionIP: NetFlow Visualizations of System State for Security Situational Awareness," Proc. ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), ACM Press, 2004, pp. 65–72.
3. P. Ren et al., "IDGraphs: Intrusion Detection and Analysis Using Stream Compositing," IEEE Computer Graphics and Applications, vol. 26, no. 2, 2006, pp. 28–39.
4. G. Conti et al., "Visual Exploration of Malicious Network Objects Using Semantic Zoom, Interactive Encoding and Dynamic Queries," Proc. Int'l Workshop Visualization for Computer Security (VizSEC), IEEE CS Press, 2005, pp. 83–90.
5. J.R. Goodall et al., "Focusing on Context in Network Traffic Analysis," IEEE Computer Graphics and Applications, vol. 26, no. 2, 2006 pp. 72–80.
6. Y. Livnat et al., "A Visualization Paradigm for Network Intrusion Detection," Proc. IEEE Workshop Information Assurance and Security (IAW), IEEE Press, 2005, pp. 92–99.
7. K. Abdullah et al., "Visualizing Network Data for Intrusion Detection," Proc. IEEE Workshop Information Assurance and Security (IAW), IEEE Press, 2005, pp. 100–108.

Index Terms:

visual analytics, information visualization, information security, situational awareness, user-centered design

Citation:

Anita D. D'Amico, John R. Goodall, Daniel R. Tesone, Jason K. Kopylec, "Visual Discovery in Computer Network Defense," IEEE Computer Graphics and Applications, vol. 27, no. 5, pp. 20-27, Sept.-Oct. 2007, doi:10.1109/MCG.2007.137

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.