Type of Publication: Conference Proceedings
Authors: Asaf Shabtai, , Yuval Shahar, Yuval Elovici
Title: An Intelligent, Interactive Tool for Exploration and Visualization of Time-Oriented Security Data
ConferenceName: ACM Workshop on Visualization for Computer Security (VizSEC2006), Virginia, USA, November 3 2006
Publication: Proceedings of the 3rd International Workshop on Visualization for Computer Security, VizSEC'06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS'06
Year: 2006
Pages: 15 - 22

The detection of known and unknown attacks usually requires the interpretation and presentation of very large amounts of time-oriented security data. Using regular means for displaying the data, such as text or tables, is often ineffective. Furthermore, displaying only raw data is not sufficient, because the security expert is still required to derive meaningful conclusions from large amounts of data. In addition, in many cases (e.g., for detecting a virus spreading in the network), an aggregated view of multiple network devices is more effective than a view of each individual device. In this paper we propose an intelligent interface, used by the distributed architecture described in our previous work, that is specific to the tasks of knowledge-based interpretation, summarization, query, visualization and interactive exploration of large amounts of time-oriented data. In order to support the interpretation and computation process, we provide automated mechanisms that derive context-specific, interval-based abstract interpretations (also known as Temporal Abstractions) from raw time-stamped security data by using a domain-specific knowledge base (e.g., a period of 5 hours, during the night, of a high number of FTP connections within the context of No User Activity, which might indicate the existence of a Trojan on the computer). The proposed visualization tool includes several functionalities for querying, visualization and exploration of both raw and abstracted time-oriented security data regarding single and multiple network devices.
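
The temporal-abstraction step the abstract describes, as an added illustration that is not code from the paper or its tool: hourly samples of one host are mapped to qualitative states, contiguous samples with the same state are merged into intervals, and a knowledge-base rule flags the paper's example pattern. The sample data, the 1-hour granularity, the "High FTP" threshold of 40 and the night window 22:00-06:00 are all constructed assumptions.

```python
from datetime import datetime, timedelta

GRANULARITY = timedelta(hours=1)     # assumed sampling interval of the raw data
FTP_HIGH = 40                        # assumed knowledge-base threshold for "High FTP"
MIN_DURATION = timedelta(hours=5)    # pattern length from the paper's example

# Constructed raw samples: (timestamp, ftp_connections, user_active)
SAMPLES = [
    ("2006-11-03 20:00", 3, True),
    ("2006-11-03 21:00", 2, True),
    ("2006-11-03 22:00", 48, False),
    ("2006-11-03 23:00", 51, False),
    ("2006-11-04 00:00", 60, False),
    ("2006-11-04 01:00", 55, False),
    ("2006-11-04 02:00", 47, False),
    ("2006-11-04 03:00", 4, False),
    ("2006-11-04 09:00", 30, True),
]

def is_night(ts):
    return ts.hour >= 22 or ts.hour < 6

def abstract_point(ts_str, ftp, user_active):
    """Map one raw time-stamped sample to its qualitative (abstract) state."""
    ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M")
    state = ("High FTP" if ftp >= FTP_HIGH else "Normal FTP",
             "User Activity" if user_active else "No User Activity",
             "Night" if is_night(ts) else "Day")
    return ts, state

def temporal_abstractions(samples):
    """Merge consecutive, contiguous samples with the same state into intervals."""
    intervals = []
    for ts_str, ftp, active in samples:
        ts, state = abstract_point(ts_str, ftp, active)
        last = intervals[-1] if intervals else None
        if last and last["state"] == state and last["end"] == ts:
            last["end"] = ts + GRANULARITY          # extend the open interval
        else:
            intervals.append({"state": state, "start": ts, "end": ts + GRANULARITY})
    return intervals

def suspected_trojan(intervals):
    """Knowledge-base rule: >= 5h of High FTP at night within No User Activity."""
    return [iv for iv in intervals
            if iv["state"] == ("High FTP", "No User Activity", "Night")
            and iv["end"] - iv["start"] >= MIN_DURATION]

if __name__ == "__main__":
    for iv in suspected_trojan(temporal_abstractions(SAMPLES)):
        print(f"{iv['start']} - {iv['end']}: {' / '.join(iv['state'])}")
```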

Keywords: Intelligent Visualization, Security, Knowledge-Based Systems, Temporal-Abstraction, Human-Computer Interaction
