Alistair Thomson
Pianola - visualization of multivariate time-series security event data.
Thomson, Alistair; Graham, Martin; Kennedy, Jessie
Abstract
Monitoring log files for network intrusions is unwieldy. To build a mental model of the log, an analyst is required to recognise continuous timelines and attack patterns from a dataset that is essentially limited to an ordered list of events. Information Visualization techniques arrange data into directly perceivable visual patterns that may alleviate some overheads associated with interpreting these datasets and improve the ability of users, especially those in resource-stretched Small and Medium sized Businesses (SMBs), to make sense of activity patterns in Intrusion Detection System (IDS) event logs. To this end, we discuss existing network security visualizations for IDS logs and after examining the strengths and drawbacks of those applications we have prototyped a visualization tool, Pianola, that arranges events on multiple timelines to reveal patterns both in time and across a network. The tool was evaluated against the traditional use of command-line interface (CLI)-based tools for analyzing network security events and displayed significant improvements in both recognition and detection of attacks and reduction in the users’ subjective workload, measured using the NASA Task Load index (TLX).
| Conference Name | 17th International Conference on Information Visualisation |
|---|---|
| Start Date | Jul 15, 2013 |
| End Date | Jul 18, 2013 |
| Publication Date | 2013 |
| Deposit Date | Nov 6, 2013 |
| Publicly Available Date | Dec 31, 2013 |
| Peer Reviewed | Peer Reviewed |
| Pages | 123-131 |
| Book Title | Proceedings of IV2013 |
| ISBN | 978-0-7695-5049-7 |
| DOI | https://doi.org/10.1109/IV.2013.15 |
| Keywords | Information visualization; security; visualization; |
| Public URL | http://researchrepository.napier.ac.uk/id/eprint/6453 |
| Publisher URL | http://dx.doi.org/10.1109/IV.2013.15 |
| Contract Date | Nov 6, 2013 |
Files
PianolaIV13IEEEFormatx.pdf
(697 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nc/4.0/
You might also like
VIPER: a visualisation tool for exploring inheritance inconsistencies in genotyped pedigrees
(2012)
Journal Article
Visualising errors in animal pedigree genotype data
(2011)
Journal Article
A survey of multiple tree visualisation.
(2010)
Journal Article
Visual Exploration of Alternative Taxonomies through Concepts
(2007)
Journal Article
Exploring multiple trees through DAG representations
(2007)
Journal Article
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search