Introduction to Visualization for Computer Security

Networked computers are ubiquitous and are subject to attack, misuse, and abuse. Automated systems to combat this threat are one potential solution, but most automated systems require vigilant human oversight. This automated approach undervalues the strong analytic capabilities of humans. While automation affords opportunities for increased scalability, humans provide the ability to handle exceptions and novel patterns. One method of counteracting the ever-increasing cyber threat is to provide human security analysts with better tools to discover patterns, detect anomalies, identify correlations, and communicate their findings. This is what visualization for computer security (VizSec) researchers and developers are doing. VizSec is about putting robust information visualization tools into the hands of humans to take advantage of the power of human perceptual and cognitive processes in solving computer security problems. This chapter is an introduction to the VizSec research community and the papers in this volume.
