Skip to main content
SpringerLink
Log in

Lessons Learned: Visualizing Cyber Situation Awareness in a Network Security Domain

  • Chapter
  • First Online:
Theory and Models for Cyber Situation Awareness

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10030))

  • 1988 Accesses

Abstract

This chapter discusses lesson learned working with cyber situation awareness and network security domain experts to integrate visualizations into their current workflows. Working closely with network security experts, we discovered a critical set of requirements that a visualization must meet to be considered for use by the these domain experts. We next present two separate examples of visualizations that address these requirements: a flexible web-based application that visualizes network traffic and security data through analyst-driven correlated charts and graphs, and a set of ensemble-based extensions to visualize network traffic and security alerts using existing and future ensemble visualization algorithms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 16.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bradshaw, J.M., Carvalho, M., Bunch, L., Eskridge, T., Feltovich, P.J., Johnson, M., Kidwell, D.: Sol: an agent-based framework for cyber situation awareness. Künstliche Intellienz 26(2), 127–140 (2012)

    Article  Google Scholar 

  2. Cockburn, A., Karlson, A., Bederson, B.B.: A review of overview+detail zooming and focus+context interfaces. ACM Comput. Surv. 41(1) (2008). Article 2

    Google Scholar 

  3. Dang, T.K., Dang, T.T.: A survey on security visualization techniques for web information systems. Int. J. Web Inf. Syst. 9(1), 6–31 (2013)

    Article  Google Scholar 

  4. Goodall, J., Sowul, M.: VIAssist: visual analytics for cyber defense. In: IEEE Conference on Technologies for Homeland Security (HST 2009), Boston, pp. 143–150 (2009)

    Google Scholar 

  5. Heyes, R.: RGraph: HTML5 and JavaScript charts (2017). https://www.rgraph.net

  6. HP ArcSight ESM. http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/

  7. Kan, Z., Hu, C., Wang, Z., Wang, G., Huang, X.: NetVis: a network security management visualization tool based on Treemap. In: 2nd International Conference on Advanced Computer Control (ICACC 2010), Shenyang, pp. 18–21 (2010)

    Google Scholar 

  8. Mansmann, F., Fisher, F., Keim, D.A., North, S.C.: Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations. In: Symposium on Computer-Human Interaction for Management of Information (CHIMIT 2009), Baltimore, article 3 (2009)

    Google Scholar 

  9. McPherson, J., Ma, K., Krystosk, P., Bartoletti, T., Christensen, M.: PortVis: a tool for port-based detection of security events. In: Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC 2004), Washington, DC, pp. 73–81 (2004)

    Google Scholar 

  10. Minarik, P., Dymacek, T.: NetFlow data visualization based on graphs. In: Goodall, J.R., Conti, G., Ma, K.-L. (eds.) VizSec 2008. LNCS, vol. 5210, pp. 144–151. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85933-8_14

    Chapter  Google Scholar 

  11. Phan, D., Gerth, J., Lee, M., Paepcke, A., Winograd, T.: Visual analysis of network flow data with timelines and event plots. In: Goodall, J.R., Conti, G., Ma, K.-L. (eds.) VizSEC 2007, pp. 85–99. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  12. SAS Visual Analytics. http://www.sas.com/en_us/software/business-intelligence/visual-analytics.html

  13. Shiravi, H., Shiravi, A., Ghorbani, A.: A survey of visualization systems for network security. IEEE Trans. Vis. Comput. Graph. 18(8), 1313–1329 (2012)

    Article  Google Scholar 

  14. Tableau Software. http://www.tableau.com

  15. Tibco Spotfire. http://spotfire.tibco.com

  16. Tricaud, S., Nance, K., Saadé, P.: Visualizing network activity using parallel coordinates. In: 44th Hawaii International Conference on System Sciences (HICSS 2011), Poipu, pp. 1–8 (2011)

    Google Scholar 

  17. Tufte, E.R.: The Visual Display of Quantitative Information. Graphics Press, Cheshire (1983)

    Google Scholar 

  18. Tufte, E.R.: Envisioning Information. Graphics Press, Cheshire (1990)

    Google Scholar 

  19. Zhang, Y., Xiao, Y., Chen, M., Zhang, J., Deng, H.: A survey of security visualization for computer network logs. Secur. Commun. Netw. 5(4), 404–421 (2012)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, North Carolina State University, Raleigh, NC, 27695-8206, USA

    Christopher G. Healey & Lihua Hao

  2. ICF International, U.S. Army Research Laboratory, Adelphi, USA

    Steve E. Hutchinson

Authors
  1. Christopher G. Healey
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lihua Hao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Steve E. Hutchinson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christopher G. Healey .

Editor information

Editors and Affiliations

  1. Pennsylvania State University, University Park, Pennsylvania, USA

    Peng Liu

  2. George Mason University, Fairfax, Virginia, USA

    Sushil Jajodia

  3. Army Research Office, Research Triangle Park, North Carolina, USA

    Cliff Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Healey, C.G., Hao, L., Hutchinson, S.E. (2017). Lessons Learned: Visualizing Cyber Situation Awareness in a Network Security Domain. In: Liu, P., Jajodia, S., Wang, C. (eds) Theory and Models for Cyber Situation Awareness. Lecture Notes in Computer Science(), vol 10030. Springer, Cham. https://doi.org/10.1007/978-3-319-61152-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-61152-5_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61151-8

  • Online ISBN: 978-3-319-61152-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation