Issue No. 02 - March/April (2006 vol. 26)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MCG.2006.30
Gregory Conti, Georgia Institute of Technology
Kulsoom Abdullah, Georgia Institute of Technology
Julian Grizzard, Georgia Institute of Technology
John Stasko, Georgia Institute of Technology
John A. Copeland, Georgia Institute of Technology
Mustaque Ahamad, Georgia Institute of Technology
Henry L. Owen, Georgia Institute of Technology
Chris Lee, Georgia Institute of Technology
When given the task of securing a network, security analysts and network administrators typically face large volumes of security data that demand analysis. Selectively mapping elements of these data flows to carefully crafted graphical displays can provide rapid insights while actively countering information overload. To this end, this article presents a generic framework for designing such visualization systems, as well as results from the end-to-end design and implementation of two highly interactive systems. The first system focuses on increasing the utility of intrusion detection systems by providing information-rich displays of network alerts. The second system provides new methods of visualizing network packets that enable the analyst to efficiently and effectively explore network traffic for malicious activity. To support their findings, the authors present the results of a user requirements study.
alert visualization, payload visualization, packet visualization, log visualization, network visualization
K. Abdullah et al., "Countering Security Information Overload through Alert and Packet Visualization," in IEEE Computer Graphics and Applications, vol. 26, no. 2, pp. 60-70, 2006.