Visual Correlation of Host Processes and Network Traffic

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Glenn A. Fink Articles by Paul Muessig Articles by Chris North

IEEE Workshops on Visualization for Computer Security (VizSec'05)

Minneapolis, Minnesota

October 26-October 26

ISBN: 0-7803-9477-1

	ASCII Text	x
	Glenn A. Fink, Paul Muessig, Chris North, "Visual Correlation of Host Processes and Network Traffic," Visualization for Computer Security, IEEE Workshops on, pp. 2, IEEE Workshops on Visualization for Computer Security (VizSec'05), 2005.

	BibTex	x
	@article{ 10.1109/VIZSEC.2005.18, author = {Glenn A. Fink and Paul Muessig and Chris North}, title = {Visual Correlation of Host Processes and Network Traffic}, journal ={Visualization for Computer Security, IEEE Workshops on}, volume = {0}, year = {2005}, isbn = {0-7803-9477-1}, pages = {2}, doi = {http://doi.ieeecomputersociety.org/10.1109/VIZSEC.2005.18}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Visualization for Computer Security, IEEE Workshops on TI - Visual Correlation of Host Processes and Network Traffic SN - 0-7803-9477-1 SP EP A1 - Glenn A. Fink, A1 - Paul Muessig, A1 - Chris North, PY - 2005 KW - Computer Security KW - Information Visualization KW - System Administration VL - 0 JA - Visualization for Computer Security, IEEE Workshops on ER -

Glenn A. Fink, Virginia Polytechnic Institute and State University

Paul Muessig, Virginia Polytechnic Institute and State University

Chris North, Virginia Polytechnic Institute and State University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/VIZSEC.2005.18

Anomalous communication patterns are one of the leading indicators of computer system intrusions according to the system administrators we have interviewed. But a major problem is being able to correlate across the host/network boundary to see how network connections are related to running processes on a host. This paper introduces Portall, a visualization tool that gives system administrators a view of the communicating processes on the monitored machine correlated with the network activity in which the processes participate. Portall is a prototype of part of the Network Eye framework we have introduced in an earlier paper [1]. We discuss the Portall visualization, the supporting infrastructure it requires, and a formative usability study we conducted to obtain administrators? reactions to the tool.

Index Terms:

Computer Security, Information Visualization, System Administration

Citation:

Glenn A. Fink, Paul Muessig, Chris North, "Visual Correlation of Host Processes and Network Traffic," vizsec, pp.2, IEEE Workshops on Visualization for Computer Security (VizSec'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.