DocumentCode
869139
Title
Visual correlation of network alerts
Author
Foresti, Stefano ; Agutter, James ; Livnat, Yarden ; Moon, Shaun ; Erbacher, Robert
Author_Institution
Utah Univ., Salt Lake City, UT, USA
Volume
26
Issue
2
fYear
2006
Firstpage
48
Lastpage
59
Abstract
The VisAlert visual correlation tool facilitates situational awareness in complex network environments by providing a holistic view of network security to help detect malicious activities. Information visualization techniques and methods in many applications have effectively increased operators' situational awareness, letting them more effectively detect, diagnose, and treat anomalous conditions. Visualization elevates information comprehension by fostering rapid correlation and perceived associations. Our visualization technique integrates the information in log and alert files into an intuitive, flexible, extensible, and scalable visualization tool - VisAlert - that presents critical information concerning network activity in an integrated manner, increasing the user's situational awareness.
Keywords
data visualisation; security of data; telecommunication security; VisAlert visual correlation tool; alert files; complex network environment; information visualization techniques; log files; network security; situational awareness; Computer crime; Computer worms; Computerized monitoring; Data security; Data visualization; Decision making; Humans; Intrusion detection; Large-scale systems; Scalability; Cybersecurity; Data Correlation; Network Intrusion; Network Monitoring; Situational Awareness; User Centered Design; Visualization; Computer Communication Networks; Computer Graphics; Information Storage and Retrieval; Signal Processing, Computer-Assisted; Software; User-Computer Interface;
fLanguage
English
Journal_Title
Computer Graphics and Applications, IEEE
Publisher
ieee
ISSN
0272-1716
Type
jour
DOI
10.1109/MCG.2006.49
Filename
1607921