E-Book, Englisch, 273 Seiten
Goodall / Conti / Ma VizSEC 2007
1. Auflage 2008
ISBN: 978-3-540-78243-8
Verlag: Springer Berlin Heidelberg
Format: PDF
Kopierschutz: 1 - PDF Watermark
Proceedings of the Workshop on Visualization for Computer Security
E-Book, Englisch, 273 Seiten
Reihe: Mathematics and Visualization
ISBN: 978-3-540-78243-8
Verlag: Springer Berlin Heidelberg
Format: PDF
Kopierschutz: 1 - PDF Watermark
Networked computers are ubiquitous, and are subject to attack, misuse, and abuse. One method to counteracting this cyber threat is to provide security analysts with better tools to discover patterns, detect anomalies, identify correlations, and communicate their findings. Visualization for computer security (VizSec) researchers and developers are doing just that. VizSec is about putting robust information visualization tools into the hands of human analysts to take advantage of the power of the human perceptual and cognitive processes in solving computer security problems. This volume collects the papers presented at the 4th International Workshop on Computer Security - VizSec 2007.
Autoren/Hrsg.
Weitere Infos & Material
1;Preface;5
2;Acknowledgements;7
3;Contents;9
4;Introduction to Visualization for Computer Security;16
4.1;1 Computer Security;16
4.2;2 Information Visualization;18
4.3;3 Visualization for Computer Network Defense;20
4.4;4 Papers in This Volume;26
4.5;5 Conclusion;30
4.6;References;31
5;The Real Work of Computer Network Defense Analysts;34
5.1;1 Introduction;34
5.2;2 Related Work;35
5.3;3 Methods;37
5.4;4 Findings;38
5.5;5 Implications for Visualization;48
5.6;References;51
6;Adapting Personas for Use in Security Visualization Design;54
6.1;1 Introduction;54
6.2;2 Overview of the Personas Method and Related Work;55
6.3;3 Case Study: First Look;58
6.4;4 Application to Security Visualizations;64
6.5;5 Conclusion;66
6.6;References;66
7;Measuring the Complexity of Computer Security Visualization Designs;68
7.1;1 Introduction;68
7.2;2 Related Work;69
7.3;3 Technical Approach;70
7.4;4 Future Work;80
7.5;5 Conclusion;80
7.6;References;81
8;Integrated Environment Management for Information Operations Testbeds;82
8.1;1 Introduction;82
8.2;2 Related Work;83
8.3;3 Technical Approach;85
8.4;4 Future Work;95
8.5;5 Conclusions;96
8.6;References;97
9;Visual Analysis of Network Flow Data with Timelines and Event Plots;100
9.1;1 Introduction;100
9.2;2 Network Flow Data;101
9.3;3 The Investigation Process;102
9.4;4 FlowMaps;103
9.5;5 Progressive Multiples of Timelines and Event Plots;104
9.6;6 A Case of Mysterious IRC Traf.c;105
9.7;7 Related Work;111
9.8;8 Future Work and Conclusions;113
9.9;References;113
10;NetBytes Viewer: An Entity-Based NetFlow Visualization Utility for Identifying Intrusive Behavior;116
10.1;1 Introduction;116
10.2;2 Related Work;117
10.3;3 Technical Approach;120
10.4;4 Future Work;128
10.5;5 Conclusions;129
10.6;References;129
11;Visual Analysis of Corporate Network Intelligence: Abstracting and Reasoning on Yesterdays for Acting Today;130
11.1;1 Introduction;130
11.2;2 Background;132
11.3;3 On the Need to Support Visual Analysis;133
11.4;4 User and Application Centric Views of the Corporate Network;137
11.5;5 Alarm/Event Centric Views;141
11.6;6 Limitations and Challenges;143
11.7;7 Conclusion;144
11.8;References;144
12;Visualizing Network Security Events Using Compound Glyphs from a Service- Oriented Perspective;146
12.1;1 Introduction;146
12.2;2 Related Work;148
12.3;3 Technical Approach;149
12.4;4 Future Work;159
12.5;5 Conclusions;160
12.6;References;160
13;High Level Internet Scale Trafic Visualization Using Hilbert Curve Mapping;162
13.1;1 Introduction;162
13.2;2 Related Work;163
13.3;3 Technical Approach;165
13.4;4 Results;166
13.5;5 Future Work;171
13.6;6 Conclusions;172
13.7;References;173
14;VisAlert: From Idea to Product;174
14.1;1 Introduction;174
14.2;2 Related Work;176
14.3;3 Technical Approach;178
14.4;4 Future Work;186
14.5;5 Conclusions;187
14.6;References;189
15;Visually Understanding Jam Resistant Communication;190
15.1;1 Introduction;190
15.2;2 Related Work;191
15.3;3 Technical Approach;194
15.4;4 Future Work;199
15.5;5 Conclusions;200
15.6;References;201
16;Visualization of Host Behavior for Network Security;202
16.1;1 Introduction;202
16.2;2 Related Work;204
16.3;3 Technical Approach;206
16.4;4 Future Work;215
16.5;5 Conclusions;215
16.6;References;216
17;Putting Security in Context: Visual Correlation of Network Activity with Real- World Information;218
17.1;1 Introduction;218
17.2;2 Related Work;219
17.3;3 Technical Approach;221
17.4;4 Future Work;232
17.5;5 Conclusions;233
17.6;References;234
18;An Interactive Attack Graph Cascade and Reachability Display;236
18.1;1 Introduction;236
18.2;2 Related Work;237
18.3;3 Technical Approach;239
18.4;4 Future Work;247
18.5;5 Conclusions;249
18.6;References;250
19;Intelligent Classification and Visualization of Network Scans;252
19.1;1 Introduction;252
19.2;2 Related Work;254
19.3;3 Technical Approach;255
19.4;4 Future Work;265
19.5;5 Conclusions;266
19.6;References;267
20;Using InetVis to Evaluate Snort and Bro Scan Detection on a Network Telescope;270
20.1;1 Introduction;270
20.2;2 Related Work;272
20.3;3 InetVis Network Trafic Visualisation;274
20.4;4 Investigative Methodology;276
20.5;5 Results and Analysis;279
20.6;6 Future Work;285
20.7;7 Conclusion;286
20.8;References;286
