Countering Security Information Overload through Alert and Packet Visualization

ComputerGraphics
2006
Issue No. 2 - March/April
Abstract - Countering Security Information Overload through Alert and Packet Visualization

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Gregory Conti Articles by Kulsoom Abdullah Articles by Julian Grizzard Articles by John Stasko Articles by John A. Copeland Articles by Mustaque Ahamad Articles by Henry L. Owen Articles by Chris Lee

March/April 2006 (vol. 26 no. 2)

pp. 60-70

	ASCII Text	x
	Gregory Conti, Kulsoom Abdullah, Julian Grizzard, John Stasko, John A. Copeland, Mustaque Ahamad, Henry L. Owen, Chris Lee, "Countering Security Information Overload through Alert and Packet Visualization," IEEE Computer Graphics and Applications, vol. 26, no. 2, pp. 60-70, March/April, 2006.

	BibTex	x
	@article{ 10.1109/MCG.2006.30, author = {Gregory Conti and Kulsoom Abdullah and Julian Grizzard and John Stasko and John A. Copeland and Mustaque Ahamad and Henry L. Owen and Chris Lee}, title = {Countering Security Information Overload through Alert and Packet Visualization}, journal ={IEEE Computer Graphics and Applications}, volume = {26}, number = {2}, issn = {0272-1716}, year = {2006}, pages = {60-70}, doi = {http://doi.ieeecomputersociety.org/10.1109/MCG.2006.30}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Computer Graphics and Applications TI - Countering Security Information Overload through Alert and Packet Visualization IS - 2 SN - 0272-1716 SP60 EP70 EPD - 60-70 A1 - Gregory Conti, A1 - Kulsoom Abdullah, A1 - Julian Grizzard, A1 - John Stasko, A1 - John A. Copeland, A1 - Mustaque Ahamad, A1 - Henry L. Owen, A1 - Chris Lee, PY - 2006 KW - alert visualization KW - payload visualization KW - packet visualization KW - log visualization KW - network visualization VL - 26 JA - IEEE Computer Graphics and Applications ER -

Gregory Conti, Georgia Institute of Technology

Kulsoom Abdullah, Georgia Institute of Technology

Julian Grizzard, Georgia Institute of Technology

John Stasko, Georgia Institute of Technology

John A. Copeland, Georgia Institute of Technology

Mustaque Ahamad, Georgia Institute of Technology

Henry L. Owen, Georgia Institute of Technology

Chris Lee, Georgia Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MCG.2006.30

When given the task of securing a network, security analysts and network administrators typically face large volumes of security data that demand analysis. Selectively mapping elements of these flows to carefully crafted graphical displays can provide rapid insights while actively countering information overload. To this end, this article presents a generic framework for designing such visualization systems as well as results from the end-to-end design and implementation of two highly interactive systems. The first system focuses on increasing the utility of intrusion detection systems by providing information rich displays of network alerts. The second system provides new methods of visualizing network packets that enable the analyst to efficiently and effectively explore network traffic for malicious activity. To support their findings, the authors present the results of a user requirements study.

1. K. Abdullah et al., "IDS RainStorm: Visualizing IDS Alarms," Proc. IEEE Workshops Visualization for Computer Security (VizSEC), IEEE CS Press, 2005, pp. 1-10.
2. G. Conti et al., "Visual Exploration of Malicious Network Objects Using Semantic Zoom, Interactive Encoding and Dynamic Queries," Proc. IEEE Workshops Visualization for Computer Security (VizSEC), IEEE CS Press, 2005, pp. 83-90.
3. H. Koike and K. Ohno, "Snortview: Visualization System of Snort Logs," Proc. 2004 ACM Workshop Visualization and Data Mining for Computer Security (VizSEC/DMSEC), ACM Press, 2004, pp. 143-147.
4. K. Julisch, "Clustering Intrusion Detection Alarms to Support Root Cause Analysis," ACM Trans. Information and System Security, Nov. 2003, pp. 443-471.
5. J. Eagan et al., "Visually Encoding Program Test Information to Find Faults in Software," Proc. IEEE Symp. Information Visualization, IEEE CS Press, 2001, pp. 33-36.
6. S.G. Eick, J.L. Steffen, and E.E. Sumner, "Seesoft—A Tool for Visualizing Line Oriented Software Statistics," IEEE Trans. Software Eng., Nov. 1992, pp. 957-968.
7. R.F. Erbacher, K.L. Walker, and D.A. Frincke., "Intrusion and Misuse Detection in Large-Scale Systems," IEEE Computer Graphics and Applications, Jan./Feb. 2002, pp. 38-48.
1. R. Pang et al., "Characteristics of Internet Background Radiation," Proc. ACM SIGCOMM Internet Measurement Conf. (ACM-IMC), ACM Press, 2003, pp. 27-40.

Index Terms:

alert visualization, payload visualization, packet visualization, log visualization, network visualization

Citation:

Gregory Conti, Kulsoom Abdullah, Julian Grizzard, John Stasko, John A. Copeland, Mustaque Ahamad, Henry L. Owen, Chris Lee, "Countering Security Information Overload through Alert and Packet Visualization," IEEE Computer Graphics and Applications, vol. 26, no. 2, pp. 60-70, Mar./Apr. 2006, doi:10.1109/MCG.2006.30

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.