Article

Visualizing network traffic for intrusion detection

Author:

John R. GoodallAuthors Info & Claims

DIS '06: Proceedings of the 6th conference on Designing Interactive systems

Pages 363 - 364

https://doi.org/10.1145/1142405.1142465

Published: 26 June 2006 Publication History

Get Access

Abstract

Intrusion detection, the process of using network data to identify potential attacks, has become an essential component of information security. Human analysts doing intrusion detection work utilize vast amounts of data from disparate sources to make decisions about potential attacks. Yet, there is limited understanding of this critical human component. This research seeks to understand the work practices of these human analysts to inform the design of a task-appropriate information visualization tool to support network intrusion detection analysis tasks. System design will follow a user-centered, spiral methodology. System evaluation will include both a field-based qualitative evaluation, uncommon in information visualization, and a lab-based benchmarking evaluation.

References

[1]

Card, S.K., Mackinlay, J.D. and Shneiderman, B. Information visualization: Using vision to think. Morgan Kaufman Publishers, San Francisco, CA, 1999.

Digital Library

Google Scholar

[2]

Goodall, J.R., Lutters, W.G. and Komlodi, A., The work of intrusion detection: Rethinking the role of security analysts. Proc. of AMCIS, (2004), 1421--1427.

Google Scholar

[3]

Goodall, J.R., Ozok, A.A., Lutters, W.G., Rheingans, P. and Komlodi, A., A user-centered approach to visualizing network traffic for intrusion detection. Ext. Abstracts ACM CHI, (2005), 1403--1406.

Digital Library

Google Scholar

[4]

Julisch, K. and Dacier, M., Mining intrusion detection alarms for actionable knowledge. Proc. of ACM SIGKDD, (2002), 366--375.

Digital Library

Google Scholar

[5]

Stolze, M., Pawlitzek, R. and Wespi, A., Visual problem-solving support for new event triage in centralized network security monitoring: Challenges, tools and benefits. GI-SIDAR Conf. IMF (2003).

Google Scholar

[6]

Yurcik, W., Barlow, J., Lakkaraju, K. and Haberman, M., Two visual computer network security monitoring tools incorporating operator interface requirements. ACM CHI HCISEC Workshop, (2003).

Google Scholar

Cited By

View all

Alhaidari FTammas RAlghamdi DAlrashedi RAlthani NAlsaidan SAlFosail MZagrouba RAlattas H(2022)A study on Automated Cyberattacks Detection and Visualization2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)10.1109/CICN56167.2022.10008351(715-722)Online publication date: 4-Dec-2022
https://doi.org/10.1109/CICN56167.2022.10008351

Index Terms

Visualizing network traffic for intrusion detection
1. Human-centered computing
  1. Interaction design
    1. Interaction design process and methods
      1. User centered design

Recommendations

A user-centered approach to visualizing network traffic for intrusion detection
CHI EA '05: CHI '05 Extended Abstracts on Human Factors in Computing Systems

Intrusion detection (ID) analysts are charged with ensuring the safety and integrity of today's high-speed computer networks. Their work includes the complex task of searching for indications of attacks and misuse in vast amounts of network data. ...
Syntax vs. semantics: competing approaches to dynamic network intrusion detection

Malicious network traffic, including widespread worm activity, is a growing threat to internet-connected networks and hosts. In this paper, we consider both syntax and semantics based approaches for dynamic network intrusion detection. The semantics-...
Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

Although network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...

Comments

Information & Contributors

Information

Published In

DIS '06: Proceedings of the 6th conference on Designing Interactive systems

June 2006

384 pages

ISBN:1595933670

DOI:10.1145/1142405

General Chair:
John M. Carroll
The Pennsylvania State University, USA
,
Program Chairs:
Susanne Bødker
Aarhus University, Denmark
,
Julie Coughlin
The Pennsylvania State University, USA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 June 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

DIS06

Sponsor:

DIS06: Designing Interactive Systems 2006

June 26 - 28, 2006

PA, University Park, USA

Acceptance Rates

Overall Acceptance Rate 1,158 of 4,684 submissions, 25%

Upcoming Conference

DIS '25

Sponsor:
sigchi

Designing Interactive Systems Conference

July 5 - 9, 2025

Funchal , Portugal

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
567
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Alhaidari FTammas RAlghamdi DAlrashedi RAlthani NAlsaidan SAlFosail MZagrouba RAlattas H(2022)A study on Automated Cyberattacks Detection and Visualization2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)10.1109/CICN56167.2022.10008351(715-722)Online publication date: 4-Dec-2022
https://doi.org/10.1109/CICN56167.2022.10008351

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A user-centered approach to visualizing network traffic for intrusion detection

Syntax vs. semantics: competing approaches to dynamic network intrusion detection

Detecting, validating and characterizing computer infections in the wild

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations