Visualizing network traffic for intrusion detection
Source: Designing Interactive Systems
Proceedings of the 6th conference on Designing Interactive systems
University Park, PA, USA
SESSION: Doctoral symposium
Pages: 363 - 364
Year of Publication: 2006
ISBN: 1-59593-367-0
Author
John R. Goodall, UMBC, Baltimore, MD
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 16,   Downloads (12 Months): 77,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1142405.1142465

ABSTRACT

Intrusion detection, the process of using network data to identify potential attacks, has become an essential component of information security. Human analysts doing intrusion detection work utilize vast amounts of data from disparate sources to make decisions about potential attacks. Yet, there is limited understanding of this critical human component. This research seeks to understand the work practices of these human analysts to inform the design of a task-appropriate information visualization tool to support network intrusion detection analysis tasks. System design will follow a user-centered, spiral methodology. System evaluation will include both a field-based qualitative evaluation, uncommon in information visualization, and a lab-based benchmarking evaluation.

