Abstract
This chapter discusses lessons learned while working with cyber situation awareness and network security domain experts to integrate visualizations into their current workflows. Working closely with network security experts, we identified a critical set of requirements that a visualization must meet before these domain experts will consider using it. We then present two separate examples of visualizations that address these requirements: a flexible web-based application that visualizes network traffic and security data through analyst-driven correlated charts and graphs, and a set of ensemble-based extensions that visualize network traffic and security alerts using existing and future ensemble visualization algorithms.
© 2017 Springer International Publishing AG
Cite this chapter
Healey, C.G., Hao, L., Hutchinson, S.E. (2017). Lessons Learned: Visualizing Cyber Situation Awareness in a Network Security Domain. In: Liu, P., Jajodia, S., Wang, C. (eds) Theory and Models for Cyber Situation Awareness. Lecture Notes in Computer Science, vol 10030. Springer, Cham. https://doi.org/10.1007/978-3-319-61152-5_3
DOI: https://doi.org/10.1007/978-3-319-61152-5_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61151-8
Online ISBN: 978-3-319-61152-5
eBook Packages: Computer Science (R0)