An intelligent, interactive tool for exploration and visualization of time-oriented security data

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

22 Scopus citations

Abstract

The detection of known and unknown attacks usually requires the interpretation and presentation of very large amounts of time-oriented security data. Using regular means for displaying the data, such as text or tables, is often ineffective. Furthermore, displaying only raw data is not sufficient, because the security expert is still required to derive meaningful conclusions from large amounts of data. In addition, in many cases (e.g., for detecting a virus spreading in the network), an aggregated view of multiple network devices is more effective than a view of each individual device. In this paper we propose an intelligent interface used by a distributed architecture that was described in our previous work, specific to the tasks of knowledge-based interpretation, summarization, query, visualization and interactive exploration of large numbers of time-oriented data. In order to support the interpretation and computation process, we provide automated mechanisms that perform derivation of context-specific, interval-based abstract interpretations (also known as Temporal Abstractions) from raw time-stamped security data, by using a domain-specific knowledge-base (e.g., a period of 5 hours, during the night, of a high number of FTP connections within the context of No User Activity, which might indicate the existence of a Trojan in the computer). The proposed visualization tool includes several functionalities for querying, visualization and exploration of both raw and abstracted time-oriented security data regarding single and multiple network devices.
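The abstract describes deriving interval-based temporal abstractions from raw time-stamped events by applying a domain knowledge base (thresholds, time-of-day context, and an activity context such as "No User Activity"), then aggregating the result across devices. The following is an added illustration written for this page, not code from the paper or its tool; the event sample, the device names host-a and host-b, the thresholds in KNOWLEDGE_BASE and the state name HIGH_FTP_NO_USER_NIGHT are all constructed assumptions. It bins raw events per hour, labels each hour with an abstract state when the knowledge base's conditions hold, merges consecutive labelled hours into intervals, drops intervals shorter than a minimum duration, and finally counts how many devices are inside such an interval in each hour, which is the aggregated multi-device view the abstract mentions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw time-stamped security events (not from the paper).
# Each record is (timestamp, device, event_type).
_BASE = datetime(2006, 11, 3, 0, 0)


def _make_events():
    events = []
    for device, burst in (("host-a", True), ("host-b", False)):
        for hour in range(24):
            # host-a sees 30 FTP connections per hour from 00:00 to 04:59,
            # both hosts see 2 per hour otherwise (constructed values).
            n = 30 if burst and hour < 5 else 2
            for i in range(n):
                events.append((_BASE + timedelta(hours=hour, minutes=i), device, "ftp_connection"))
        # User activity (logins, keyboard) only during working hours on both hosts.
        for hour in range(9, 18):
            events.append((_BASE + timedelta(hours=hour, minutes=15), device, "user_activity"))
    return events


RAW_EVENTS = _make_events()

# Domain knowledge base (assumed values): what counts as "high", which hours are
# "night", and how long a run must be before it is reported as an interval.
KNOWLEDGE_BASE = {
    "high_ftp_per_hour": 20,
    "night_hours": set(range(22, 24)) | set(range(0, 6)),
    "min_interval_hours": 3,
}


def hourly_bins(events):
    """Group raw events as {device: {hour_start: {event_type: count}}}."""
    bins = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for ts, device, kind in events:
        bins[device][ts.replace(minute=0, second=0, microsecond=0)][kind] += 1
    return bins


def hour_state(hour_start, counts, kb):
    """Apply the knowledge base to one hour; return an abstract state or None."""
    no_user_context = counts.get("user_activity", 0) == 0
    high_ftp = counts.get("ftp_connection", 0) >= kb["high_ftp_per_hour"]
    night = hour_start.hour in kb["night_hours"]
    if no_user_context and high_ftp and night:
        return "HIGH_FTP_NO_USER_NIGHT"
    return None


def derive_intervals(events, kb=KNOWLEDGE_BASE):
    """Per device, merge consecutive abstracted hours into intervals and
    keep only those at least kb['min_interval_hours'] long."""
    result = {}
    min_len = timedelta(hours=kb["min_interval_hours"])
    for device, hours in hourly_bins(events).items():
        intervals, current = [], None
        for h in sorted(hours):
            state = hour_state(h, hours[h], kb)
            # Extend the open interval only if the state matches and the hour is contiguous.
            if state and current and current["state"] == state and current["end"] == h:
                current["end"] = h + timedelta(hours=1)
            else:
                if current:
                    intervals.append(current)
                current = {"state": state, "start": h, "end": h + timedelta(hours=1)} if state else None
        if current:
            intervals.append(current)
        result[device] = [iv for iv in intervals if iv["end"] - iv["start"] >= min_len]
    return result


def aggregated_view(intervals_by_device):
    """Count, per hour, how many devices are inside an abstracted interval."""
    counts = defaultdict(int)
    for intervals in intervals_by_device.values():
        for iv in intervals:
            h = iv["start"]
            while h < iv["end"]:
                counts[h] += 1
                h += timedelta(hours=1)
    return dict(counts)


if __name__ == "__main__":
    per_device = derive_intervals(RAW_EVENTS)
    for device, ivs in per_device.items():
        for iv in ivs:
            print(device, iv["state"], iv["start"], "->", iv["end"])
    for h, n in sorted(aggregated_view(per_device).items()):
        print(h, n, "device(s) in an abstracted interval")
```

With the constructed sample, host-a yields one five-hour interval (00:00 to 05:00) in the HIGH_FTP_NO_USER_NIGHT state and host-b yields none; the minimum-duration rule is what keeps an isolated busy hour from being reported as an interval, which is the kind of knowledge-driven filtering that makes an abstracted view smaller than the raw one.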

Original language: English
Title of host publication: Proceedings of the 3rd International Workshop on Visualization for Computer Security, VizSEC'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Pages: 15-22
Number of pages: 8
DOIs
State: Published - 1 Dec 2006
Event: 3rd International Workshop on Visualization for Computer Security, VizSEC'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06 - Alexandria, VA, United States
Duration: 3 Nov 2006 to 3 Nov 2006

Publication series

Name: Proceedings of the 3rd International Workshop on Visualization for Computer Security, VizSEC'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06

Conference

Conference: 3rd International Workshop on Visualization for Computer Security, VizSEC'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Country/Territory: United States
City: Alexandria, VA
Period: 3/11/06 to 3/11/06

Keywords

  • Human-computer interaction
  • Intelligent visualization
  • Knowledge-based systems
  • Security
  • Temporal-abstraction

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software
