Pianola - visualization of multivariate time-series security event data.

Thomson, Alistair; Graham, Martin; Kennedy, Jessie

doi:10.1109/IV.2013.15

Pianola - visualization of multivariate time-series security event data.

Thomson, Alistair; Graham, Martin; Kennedy, Jessie

Authors

Alistair Thomson

Martin Graham

Prof Jessie Kennedy J.Kennedy@napier.ac.uk
Emeritus Professor

Abstract

Monitoring log files for network intrusions is unwieldy. To build a mental model of the log, an analyst is required to recognise continuous timelines and attack patterns from a dataset that is essentially limited to an ordered list of events. Information Visualization techniques arrange data into directly perceivable visual patterns that may alleviate some overheads associated with interpreting these datasets and improve the ability of users, especially those in resource-stretched Small and Medium sized Businesses (SMBs), to make sense of activity patterns in Intrusion Detection System (IDS) event logs. To this end, we discuss existing network security visualizations for IDS logs and after examining the strengths and drawbacks of those applications we have prototyped a visualization tool, Pianola, that arranges events on multiple timelines to reveal patterns both in time and across a network. The tool was evaluated against the traditional use of command-line interface (CLI)-based tools for analyzing network security events and displayed significant improvements in both recognition and detection of attacks and reduction in the users’ subjective workload, measured using the NASA Task Load index (TLX).

Citation

Thomson, A., Graham, M., & Kennedy, J. (2013, July). Pianola - visualization of multivariate time-series security event data. Presented at 17th International Conference on Information Visualisation

Conference Name	17th International Conference on Information Visualisation
Start Date	Jul 15, 2013
End Date	Jul 18, 2013
Publication Date	2013
Deposit Date	Nov 6, 2013
Publicly Available Date	Dec 31, 2013
Peer Reviewed	Peer Reviewed
Pages	123-131
Book Title	Proceedings of IV2013
ISBN	978-0-7695-5049-7
DOI	https://doi.org/10.1109/IV.2013.15
Keywords	Information visualization; security; visualization;
Public URL	http://researchrepository.napier.ac.uk/id/eprint/6453
Contract Date	Nov 6, 2013