Abstract
Visualization is an essential part of Security Information and Event Management (SIEM) systems. The paper suggests a common framework for SIEM visualization which allows incorporating different visualization technologies and easily extending the application functionality. To illustrate the framework, we developed a SIEM visualization component, VisSecAnalyzer. The paper demonstrates its possibilities for the tasks of attack modeling and security assessment. To increase the efficiency of the visualization techniques, we applied the principles of human information perception and interaction.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kotenko, I., Novikova, E. (2013). VisSecAnalyzer: A Visual Analytics Tool for Network Security Assessment. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds) Security Engineering and Intelligence Informatics. CD-ARES 2013. Lecture Notes in Computer Science, vol 8128. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40588-4_24
DOI: https://doi.org/10.1007/978-3-642-40588-4_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40587-7
Online ISBN: 978-3-642-40588-4
eBook Packages: Computer Science, Computer Science (R0)