ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Visualizations to improve reactivity towards security incidents inside corporate networks
Full text PdfPdf (632 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 3rd international workshop on Visualization for computer security table of contents
Alexandria, Virginia, USA
SESSION: Short presentations table of contents
Pages: 95 - 102  
Year of Publication: 2006
ISBN:1-59593-549-5
Author
Patrick Hertzog  NEXThink S.A.
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 125,   Citation Count: 0
Additional Information:

abstract   references   index terms  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1179576.1179596
What is a DOI?

ABSTRACT

Corporations are usually not able to react quickly enough toward security incidents because their security staffs are flooded by information difficult to interpret. To help them in their task, we propose a new approach to build efficient visualizations based on more pertinent information. Fewer but higher-level parameters are collected on the endpoints and then centralized on the network. We also present an interactive grouping method to overcome the problem of the amount of data to display. Finally, two complementary visualizations based on that approach are described along with usage scenarios that illustrate their usefulness.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Kulsoom Abdullah , Chris Lee , Gregory Conti , John A. Copeland , John Stasko, IDS RainStorm: Visualizing IDS Alarms, Proceedings of the IEEE Workshops on Visualization for Computer Security, p.1, October 26-26, 2005  [doi>10.1109/VIZSEC.2005.8]
2
Christopher Ahlberg , Ben Shneiderman, Visual information seeking: tight coupling of dynamic query filters with starfield displays, Conference companion on Human factors in computing systems, p.222, April 24-28, 1994, Boston, Massachusetts, United States  [doi>10.1145/259963.260390]
3
Gregory Conti , Mustaque Ahamad , John Stasko, Attacking information visualization system usability overloading and deceiving the human, Proceedings of the 2005 symposium on Usable privacy and security, p.89-100, July 06-08, 2005, Pittsburgh, Pennsylvania  [doi>10.1145/1073001.1073010]
 
4
Gregory Conti , Julian Grizzard , Mustaque Ahamad , Henry Owen, Visual Exploration of Malicious Network Objects Using Semantic Zoom, Interactive Encoding and Dynamic Queries, Proceedings of the IEEE Workshops on Visualization for Computer Security, p.10, October 26-26, 2005  [doi>10.1109/VIZSEC.2005.19]
 
5
John R. Goodall , Wayne G. Lutters , Penny Rheingans , Anita Komlodi, Preserving the Big Picture: Visual Network Traffic Analysis with TN, Proceedings of the IEEE Workshops on Visualization for Computer Security, p.6, October 26-26, 2005  [doi>10.1109/VIZSEC.2005.17]
 
6
Yusuke Hideshima , Hideki Koike, STARMINE: a visualization system for cyber attacks, Proceedings of the 2006 Asia-Pacific Symposium on Information Visualisation, p.131-138, February 01, 2006, Tokyo, Japan
 
7
A. Inselberg. The plane with parallel coordinates. In The Visual Computer, pages 69--91, 1985.
8
Hideki Koike , Kazuhiro Ohno, SnortView: visualization system of snort logs, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029208.1029232]
9
Kiran Lakkaraju , William Yurcik , Adam J. Lee, NVisionIP: netflow visualizations of system state for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029208.1029219]
 
10
MieLog: A Highly Interactive Visual Log Browser Using Information Visualization and Statistical Analysis, Proceedings of the 16th USENIX conference on System administration, November 03-08, 2002, Philadelphia, PA
 
11
T. Takada and H. Koike. Tudumi: Information visualization system for monitoring and auditing computer logs. In Proceedings of the Sixth International Conference on Information Visualisation (IV '02), London, England, UK, July 2002.
 
12
W. Yurcik. Visflowconnect-ip: A link-based visualization of netflows for security monitoring. In Proceedings of the Eighteenth Annual FIRST Conference on Computer Security Incident Handling, Baltimore, MD, USA, June 2006.

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)
      C.2.3 Network Operations
          Subjects: Network monitoring


General Terms:
Security


Keywords:
alarm visualization, connection visualization, parallel-coordinates, reaction time, reactivity, security, starfield


The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player