Design and implementation of the honeycomb structure visualization system for the effective security situational awareness of large-scale networks

ABSTRACT As computer networks grow in size, network security systems such as firewalls, IDS and IPS generate a far larger volume of security-related information, so detecting signs of hidden security threats has become more difficult. Security personnel's ‘Network Security Situational Awareness (NSSA)’ means effectively determining the security situation of the overall computer network on the basis of the relations between the security events that occur in several views. The process of situational awareness is divided into three stages: ‘identification’, ‘understanding’ and ‘prediction’. ‘Identification’ and ‘understanding’ are prerequisites for ‘prediction’ and for the appropriate responses that follow, but both have become more difficult given the vast amount of information. In this paper, we propose the Honeycomb security situational awareness visualization system, which is designed to support NSSA in large-scale networks by using visualization techniques known to be effective for the ‘identification’ and ‘understanding’ stages. We identified the empirical effects of this system on the basis of the ‘VAST Challenge 2012’ data.

Keywords: situational awareness, security visualization, honeycomb structure
