Ensemble visualization for cyber situation awareness of network security data


Conference


L. Hao, C. G. Healey, S. E. Hutchinson
IEEE Symposium on Visualization for Cyber Security (VizSec '15), 2015, pp. 1-8

APA
Hao, L., Healey, C. G., & Hutchinson, S. E. (2015). Ensemble visualization for cyber situation awareness of network security data. In IEEE Symposium on Visualization for Cyber Security (VizSec '15) (pp. 1–8).


Chicago/Turabian
Hao, L., C. G. Healey, and S. E. Hutchinson. “Ensemble Visualization for Cyber Situation Awareness of Network Security Data.” In IEEE Symposium on Visualization for Cyber Security (VizSec '15), 1–8, 2015.


MLA
Hao, L., et al. “Ensemble Visualization for Cyber Situation Awareness of Network Security Data.” IEEE Symposium on Visualization for Cyber Security (VizSec '15), 2015, pp. 1–8.


BibTeX

@conference{l2015a,
  title = {Ensemble visualization for cyber situation awareness of network security data},
  year = {2015},
  pages = {1-8},
  author = {Hao, L. and Healey, C. G. and Hutchinson, S. E.},
  booktitle = {IEEE Symposium on Visualization for Cyber Security (VizSec '15)}
}

Abstract

Network security analysis and ensemble data visualization are two active research areas. Although they are treated as separate domains, they share many common challenges and characteristics. Both focus on scalability, time-dependent data analytics, and exploration of patterns and unusual behaviors in large datasets. These overlaps provide an opportunity to apply ensemble visualization research to improve network security analysis. To study this goal, we propose methods to interpret network security alerts and flow traffic as ensemble members. We can then apply ensemble visualization techniques in a network analysis environment to produce a network ensemble visualization system. Including ensemble representations provides new, in-depth insights into relationships between alerts and flow traffic. Analysts can cluster traffic with similar behavior and identify traffic with unusual patterns, something that is difficult to achieve with high-level overviews of large network datasets. Furthermore, our ensemble approach facilitates analysis of relationships between alerts and flow traffic, improves scalability, maintains accessibility and configurability, and is designed to fit our analysts' working environment, mental models, and problem-solving strategies.

