Sage Journals: Discover world-class research

Abstract

After several knowledge elicitation activities with intrusion detection system analysts, two different techniques were used to generate visualizations that best portrayed the most important information relevant to a cyber security task. These two visualization techniques (parallel coordinates and scatter plots) were then compared for their effectiveness in portraying potential attack patterns to novices. Both visualization types were varied by levels of distortion and complexity to determine their robustness. A total of 44 volunteers participated in the study. Results showed that participants experienced quicker response times for all distortion and complexity levels when viewing the scatter plots. Accuracy results were mixed. Lessons learned and future research ideas are discussed.

Get full access to this article

View all access options for this article.

References

Conti

(2007). Security Data Visualizations: Graphical Techniques for Network Analysis. San Francisco: No Starch Press.

D’Amico

Tesone

Whitley

O’Brien

Roth

(2008). Understanding the Cyber Defender: A Cognitive Task Analysis of Information Assurance Analysts (Report No. CSA-CTA-1). Northport, NY: Secure Decisions.

Goodall

J. R.

(2005). User requirements and design of a visualization for intrusion detection analysis. Proceedings of the 2005 IEEE Workshop on Information Assurance and Security (pp. 394-401).

Grinstein

Cook

Havig

Liggett

Nebesh

Whiting

Whitley

Koneci

(2011). VAST 2011 challenge: Cyber security and epidemic. IEEE VAST 2011. (pp. 299-301)

Harrison

(2012, November). The future of security visualization: Lessons from network visualization. IEEE Network, 26(6), 6-11.

Inselberg

Dimsdale

(1991). Parallel coordinates. In Klinger

(Ed.) Human-Machine Interactive Systems (pp. 199-233). US: Springer.

Leopold

(2013). Dempsey says cyberattacks are the new normal. Defense Systems, 7(5), 28.

Livnat

Agutter

Moon

Erbacher

R. F.

Foresti

(2005). A visualization paradigm for network intrusion detection. Proceedings of the 2005 IEEE Workshop on Information Assurance and Security (pp. 92-99).

Marty

(2009). Applied Security Visualization. Boston: Addison-Wesley.

10.

Ponemon Institute. (2013). 2013 Cost of Cyber Crime Study: United States, Sponsored by HP Enterprise Security. Retrieved from http://media.scmagazine.com/documents/54/2013_us_ccc_report_final_6-1_13455.pdf

11.

Shiravi

Ghorbani

A. A.

(2012). A survey of visualization systems for network security. IEEE Transactions on Visualization and Computer Graphics, 18(8), 1313-1329.

12.

White hats to the rescue: Law-abiding hackers are helping businesses to fight off the bad guys. (2014). Economist. Retrieved from http://www.economist.com/news/business/21596984-law-abiding-hackers-are-helping-businesses-fight-bad-guys-white-hats-rescue

Determining the Effectiveness of Visualization Techniques for Representing Intrusion Detection System Log Files

Abstract

Get full access to this article

References