Issue No. 02 - March/April (2006 vol. 26)
ISSN: 0272-1716
pp: 60-70
Kulsoom Abdullah , Georgia Institute of Technology
Gregory Conti , Georgia Institute of Technology
Mustaque Ahamad , Georgia Institute of Technology
Chris Lee , Georgia Institute of Technology
John A. Copeland , Georgia Institute of Technology
John Stasko , Georgia Institute of Technology
Julian Grizzard , Georgia Institute of Technology
Henry L. Owen , Georgia Institute of Technology
ABSTRACT
When given the task of securing a network, security analysts and network administrators typically face large volumes of security data that demand analysis. Selectively mapping elements of these flows to carefully crafted graphical displays can provide rapid insights while actively countering information overload. To this end, this article presents a generic framework for designing such visualization systems as well as results from the end-to-end design and implementation of two highly interactive systems. The first system focuses on increasing the utility of intrusion detection systems by providing information-rich displays of network alerts. The second system provides new methods of visualizing network packets that enable the analyst to efficiently and effectively explore network traffic for malicious activity. To support their findings, the authors present the results of a user requirements study.
INDEX TERMS
alert visualization, payload visualization, packet visualization, log visualization, network visualization
CITATION
Kulsoom Abdullah, Gregory Conti, Mustaque Ahamad, Chris Lee, John A. Copeland, John Stasko, Julian Grizzard, Henry L. Owen, "Countering Security Information Overload through Alert and Packet Visualization", IEEE Computer Graphics and Applications, vol. 26, no. , pp. 60-70, March/April 2006, doi:10.1109/MCG.2006.30