A user-centered approach to visualizing network traffic for intrusion detection
Source: Conference on Human Factors in Computing Systems archive. CHI '05 extended abstracts on Human factors in computing systems, Portland, OR, USA.
Session: Late breaking results: short papers
Pages: 1403-1406
Year of Publication: 2005
ISBN: 1-59593-002-7
Authors
John R. Goodall, UMBC, Baltimore, MD
A. Ant Ozok, UMBC, Baltimore, MD
Wayne G. Lutters, UMBC, Baltimore, MD
Penny Rheingans, UMBC, Baltimore, MD
Anita Komlodi, UMBC, Baltimore, MD
ABSTRACT
Intrusion detection (ID) analysts are charged with ensuring the safety and integrity of today's high-speed computer networks. Their work includes the complex task of searching for indications of attacks and misuse in vast amounts of network data. Although there are several information visualization tools to support ID, few are grounded in a thorough understanding of the work ID analysts perform or include any empirical evaluation. We present a user-centered visualization based on our understanding of the work of ID and the needs of analysts derived from the first significant user study of ID. The tool presents analysts with both 'at a glance' understanding of network activity, and low-level network link details. Results from preliminary usability testing show that users performed better and found easier those tasks dealing with network state in comparison to network link tasks.
CITED BY 5
Ramona Su Thompson, Esa M. Rantanen, William Yurcik, Brian P. Bailey. Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection. Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA.