Pianola - visualization of multivariate time-series security event data.

Thomson, Alistair; Graham, Martin; Kennedy, Jessie

Abstract

Monitoring log files for network intrusions is unwieldy. To build a mental model of the log, an analyst is required to recognise continuous timelines and attack patterns from a dataset that is essentially limited to an ordered list of events. Information Visualization techniques arrange data into directly perceivable visual patterns that may alleviate some overheads associated with interpreting these datasets and improve the ability of users, especially those in resource-stretched Small and Medium-sized Businesses (SMBs), to make sense of activity patterns in Intrusion Detection System (IDS) event logs. To this end, we discuss existing network security visualizations for IDS logs and, after examining the strengths and drawbacks of those applications, we have prototyped a visualization tool, Pianola, that arranges events on multiple timelines to reveal patterns both in time and across a network. The tool was evaluated against the traditional use of command-line interface (CLI)-based tools for analyzing network security events and displayed significant improvements in both recognition and detection of attacks and reduction in the users’ subjective workload, measured using the NASA Task Load Index (TLX).

Conference Name: 17th International Conference on Information Visualisation
Start Date: Jul 15, 2013
End Date: Jul 18, 2013
Publication Date: 2013
Deposit Date: Nov 6, 2013
Publicly Available Date: Dec 31, 2013
Peer Reviewed: Peer Reviewed
Pages: 123-131
Book Title: Proceedings of IV2013
ISBN: 978-0-7695-5049-7
DOI: https://doi.org/10.1109/IV.2013.15
Keywords: Information visualization; security; visualization
Public URL: http://researchrepository.napier.ac.uk/id/eprint/6453
Publisher URL: http://dx.doi.org/10.1109/IV.2013.15
Contract Date: Nov 6, 2013
