Exploring utilization of visualization for computer and network security

The role of the network security administrator is continually morphing to keep pace with the ever-changing area of computer and network security. These changes are due in part both to the continual development of new security exploits by attackers and to improvements in the network security products available for use. One area that has garnered much research in the past decade is the use of visualization to ease the strain on network security administrators. Visualization mechanisms utilize the parallel processing power of the human visual system to allow for the identification of possible nefarious network activity. This research details the development and use of a visualization system for network security. The manuscript is composed of four papers that provide a progression of research pertaining to the system. The first paper utilizes research in the area of information visualization to develop a new framework for designing visualization systems for network security. Next, the second paper develops a visualization system that has been utilized during multiple cyber defense competitions to aid in competition performance. The last two papers deal with evaluating the developed system. First, an exploratory analysis provides an initial assessment using participant interviews during one cyber defense competition. Second, a quasi field experiment explores the intention of subjects to use the system based on the type of visualization being viewed.
