ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection
Full text PdfPdf (646 KB)
Source
Conference on Human Factors in Computing Systems archive
Proceedings of the SIGCHI conference on Human factors in computing systems table of contents
San Jose, California, USA
SESSION: Input techniques table of contents
Page: 1205  
Year of Publication: 2007
ISBN:978-1-59593-593-9
Authors
Ramona Su Thompson  University of Illinois, Urbana, IL
Esa M. Rantanen  University of Illinois, Urbana, IL
William Yurcik  University of Illinois, Urbana, IL
Brian P. Bailey  University of Illinois, Urbana, IL
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 21,   Downloads (12 Months): 111,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1240624.1240807
What is a DOI?

ABSTRACT

Intrusion detection (ID) is one of network security engineers' most important tasks. Textual (command-line) and visual interfaces are two common modalities used to support engineers in ID. We conducted a controlled experiment comparing a representative textual and visual interface for ID to develop a deeper understanding about the relative strengths and weaknesses of each. We found that the textual interface allows users to better control the analysis of details of the data through the use of rich, powerful, and flexible commands while the visual interface allows better discovery of new attacks by offering an overview of the current state of the network. With this understanding, we recommend designing a hybrid interface that combines the strengths of textual and visual interfaces for the next generation of tools used for intrusion detection.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Cisco Systems NetFlow Services Export Version 9, http://www.ietf.org/rfc/rfc3954.txt, 2004.
 
2
Network- vs. Host-based Intrusion Detection http://www.vigilar.com/wps/ISS/network_vs_hostbased_ids.pdf, ISS: Internet Secruity Systems white paper, 1998.
 
3
Kulsoom Abdullah , Chris Lee , Gregory Conti , John A. Copeland , John Stasko, IDS RainStorm: Visualizing IDS Alarms, Proceedings of the IEEE Workshops on Visualization for Computer Security, p.1, October 26-26, 2005  [doi>10.1109/VIZSEC.2005.8]
4
Michelle Q. Wang Baldonado , Allison Woodruff , Allan Kuchinsky, Guidelines for using multiple views in information visualization, Proceedings of the working conference on Advanced visual interfaces, p.110-119, May 2000, Palermo, Italy  [doi>10.1145/345513.345271]
5
Robert Ball , Glenn A. Fink , Chris North, Home-centric visualization of network traffic for security administration, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029208.1029217]
6
Patrick Baudisch , Nathaniel Good , Paul Stewart, Focus plus context screens: combining display technology with visualization techniques, Proceedings of the 14th annual ACM symposium on User interface software and technology, November 11-14, 2001, Orlando, Florida  [doi>10.1145/502348.502354]
 
7
Anita D'Amico , Michael Kocka, Information Assurance Visualizations for Specific Stages of Situational Awareness and Intended Uses: Lessons Learned, Proceedings of the IEEE Workshops on Visualization for Computer Security, p.13, October 26-26, 2005  [doi>10.1109/VIZSEC.2005.13]
8
Don Gentner , Jakob Nielsen, The Anti-Mac interface, Communications of the ACM, v.39 n.8, p.70-82, Aug. 1996  [doi>10.1145/232014.232032]
9
John R. Goodall , Wayne G. Lutters , Anita Komlodi, I know my network: collaboration and expertise in intrusion detection, Proceedings of the 2004 ACM conference on Computer supported cooperative work, November 06-10, 2004, Chicago, Illinois, USA  [doi>10.1145/1031607.1031663]
 
10
Goodall, J.R., Lutters, W.G. and Komlodi, A., The Work of Intrusion Detection: Rethinking the Role of Security Analysts. AMCIS, (2004), 1421--1427.
 
11
John R. Goodall , Wayne G. Lutters , Penny Rheingans , Anita Komlodi, Preserving the Big Picture: Visual Network Traffic Analysis with TN, Proceedings of the IEEE Workshops on Visualization for Computer Security, p.6, October 26-26, 2005  [doi>10.1109/VIZSEC.2005.17]
12
John R. Goodall , A. Ant Ozok , Wayne G. Lutters , Penny Rheingans , Anita Komlodi, A user-centered approach to visualizing network traffic for intrusion detection, CHI '05 extended abstracts on Human factors in computing systems, April 02-07, 2005, Portland, OR, USA  [doi>10.1145/1056808.1056927]
13
Kasper Hornbæk , Benjamin B. Bederson , Catherine Plaisant, Navigation patterns and usability of zoomable user interfaces with and without an overview, ACM Transactions on Computer-Human Interaction (TOCHI), v.9 n.4, p.362-389, December 2002  [doi>10.1145/586081.586086]
14
Kasper Hornbæk , Erik Frøkjær, Reading of electronic documents: the usability of linear, fisheye, and overview+detail interfaces, Proceedings of the SIGCHI conference on Human factors in computing systems, p.293-300, March 2001, Seattle, Washington, United States  [doi>10.1145/365024.365118]
15
Klaus Julisch , Marc Dacier, Mining intrusion detection alarms for actionable knowledge, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada  [doi>10.1145/775047.775101]
 
16
Kandogan, E. and Haber, E. Security Administration Tools and Practices. in Cranon, L. and Garfinkel, S. eds. Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, Beijing, 2005, 357--376.
17
Daniel A. Keim, Visual exploration of large data sets, Communications of the ACM, v.44 n.8, p.38-44, Aug. 2001  [doi>10.1145/381641.381656]
 
18
Killcrece, G., Kossakowski, K., Ruefle, R. and Zajicek, M. State of the Practice of Computer Security Response Teams (CSIRTs), Carnegie Mellon Software Engineering Institute (SEI), 2003.
19
Anita Komlodi , John R. Goodall , Wayne G. Lutters, An Information Visualization Framework for Intrusion Detection, CHI '04 extended abstracts on Human factors in computing systems, April 24-29, 2004, Vienna, Austria  [doi>10.1145/985921.1062935]
20
Kiran Lakkaraju , William Yurcik , Adam J. Lee, NVisionIP: netflow visualizations of system state for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029208.1029219]
21
Jonathan McPherson , Kwan-Liu Ma , Paul Krystosk , Tony Bartoletti , Marvin Christensen, PortVis: a tool for port-based detection of security events, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029208.1029220]
 
22
Catherine Plaisant , David Carr , Ben Shneiderman, Image-Browser Taxonomy and Guidelines for Designers, IEEE Software, v.12 n.2, p.21-32, March 1995  [doi>10.1109/52.368260]
 
23
Thompson, R.S., Rantanen, E. and Yurcik, W., Network Intrusion Detection Cognitive Task Analysis: Textual and Visual Tool Usage and Recommendations. Proceedings of the 50th Annual Meeting of the Human Factors and Ergonomics Society, (2006).
24
Xiaoxin Yin , William Yurcik , Michael Treaster , Yifan Li , Kiran Lakkaraju, VisFlowConnect: netflow visualizations of link relationships for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA  [doi>10.1145/1029208.1029214]
 
25
Yurcik, W., Barlow, J. and Rosendale, J., Maintaining Perspective on Who is the Enemy in the Security Systems Administration of Computer Networks. CHI Workshop on System Administrators Are Users, Too: Designing Workspaces for Managing Internet--Scale Systems, (2003).

CITED BY  3
Wenjuan Xu , Mohamed Shehab , Gail-Joon Ahn, Visualization based policy analysis: case study in SELinux, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Rodrigo Werlinger , Kirstie Hawkey , Kasia Muldner , Pooya Jaferian , Konstantin Beznosov, The challenges of using an intrusion detection system: is it worth the effort?, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
Pooya Jaferian , David Botta , Fahimeh Raja , Kirstie Hawkey , Konstantin Beznosov, Guidelines for designing IT security management tools, Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology, November 14-15, 2008, San Diego, California

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Evaluation/methodology

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Interaction styles (e.g., commands, menus, forms, direct manipulation)


General Terms:
Human Factors, Security


Keywords:
intrusion detection, network security, textual interfaces, user study, visual interfaces

Collaborative Colleagues:
Ramona Su Thompson: colleagues
Esa M. Rantanen: colleagues
William Yurcik: colleagues
Brian P. Bailey: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player