Title :
Visual correlation of host processes and network traffic
Author :
Fink, Glenn A. ; Muessig, Paul ; North, Chris
Author_Institution :
Virginia Polytech. Inst. & State Univ., USA
Abstract :
Anomalous communication patterns are one of the leading indicators of computer system intrusions according to the system administrators we have interviewed. But a major problem is being able to correlate across the host/network boundary to see how network connections are related to running processes on a host. This paper introduces Portall, a visualization tool that gives system administrators a view of the communicating processes on the monitored machine correlated with the network activity in which the processes participate. Portall is a prototype of part of the Network Eye framework we have introduced in an earlier paper (Ball, et al., 2004). We discuss the Portall visualization, the supporting infrastructure it requires, and a formative usability study we conducted to obtain administrators' reactions to the tool.
Keywords :
computer network management; data visualisation; security of data; telecommunication security; Network Eye framework; Portall visualization; anomalous communication patterns; computer security; computer system intrusion; information visualization; network activity monitoring; network traffic; system administration; visual correlation; Computer security; Data security; Data visualization; Humans; Information security; Intrusion detection; Operating systems; Sockets; Telecommunication traffic; Usability;
Conference_Title :
Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on
Print_ISBN :
0-7803-9477-1
DOI :
10.1109/VIZSEC.2005.1532061