Visualizing network events in a muggle friendly way

This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.

[1]  Mica R. Endsley,et al.  Designing for Situation Awareness : An Approach to User-Centered Design , 2003 .

[2]  Ben Shneiderman,et al.  Readings in information visualization - using vision to think , 1999 .

[3]  Yarden Livnat,et al.  A visualization paradigm for network intrusion detection , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[4]  Ali A. Ghorbani,et al.  A Survey of Visualization Systems for Network Security , 2012, IEEE Transactions on Visualization and Computer Graphics.

[5]  Kwan-Liu Ma,et al.  Case study: Interactive visualization for Internet security , 2002, IEEE Visualization, 2002. VIS 2002..

[6]  Philip A. Legg Enhancing cyber situation awareness for Non-Expert Users using visual analytics , 2016, 2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA).

[7]  Stuart Staniford,et al.  Viewing IDS alerts: lessons from SnortSnarf , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[8]  John T. Stasko,et al.  IDS rainStorm: visualizing IDS alarms , 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05)..

[9]  Greg,et al.  Security data visualization : graphical techniques for network analysis , 2007 .

[10]  Raffael Marty,et al.  Applied Security Visualization , 2008 .

[11]  Nahum Gershon,et al.  What storytelling can do for information visualization , 2001, Commun. ACM.

[12]  Eric D. Knapp,et al.  Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems , 2011 .

[13]  William Yurcik,et al.  NVisionIP: netflow visualizations of system state for security situational awareness , 2004, VizSEC/DMSEC '04.