Issue No. 05 - September/October (2007 vol. 27)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MCG.2007.137
Anita D. D'Amico , Applied Visions
John R. Goodall , Applied Visions
Daniel R. Tesone , Applied Visions
Jason K. Kopylec , Applied Visions
Computer network defense (CND) requires analysts to detect both known and novel forms of attacks in massive volumes of network data. Visualization tools can potentially assist in the discovery of suspicious patterns of network activity and relationships between seemingly disparate security events, but few CND analysts are leveraging visualization technologies in their current practice. To address this, we created a new visualization framework, VIAssist, based on a comprehensive cognitive task analysis of CND analysts. We designed VIAssist to fit the work practices and operational environments of those analysts. This article describes the major visual analytic features of VIAssist that address the needs of CND analysts, including its coordinated visualizations and interactive report building capabilities. A scenario illustrates how it can be used to discover the unexpected in network flow data.
visual analytics, information visualization, information security, situational awareness, user-centered design
A. D. D'Amico, J. K. Kopylec, J. R. Goodall and D. R. Tesone, "Visual Discovery in Computer Network Defense," in IEEE Computer Graphics and Applications, vol. 27, no. , pp. 20-27, 2007.