TY - GEN
T1 - SpiralView
T2 - VAST IEEE Symposium on Visual Analytics Science and Technology 2007
AU - Bertini, Enrico
AU - Hertzog, Patrick
AU - Lalanne, Denis
PY - 2007
Y1 - 2007
N2 - This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during an extended period of time. The tool makes it possible to reason about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaningful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.
AB - This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during an extended period of time. The tool makes it possible to reason about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaningful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.
KW - Data exploration
KW - Intrusion detection
KW - Network security
KW - Visualization
UR - http://www.scopus.com/inward/record.url?scp=47349099942&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47349099942&partnerID=8YFLogxK
U2 - 10.1109/VAST.2007.4389007
DO - 10.1109/VAST.2007.4389007
M3 - Conference contribution
AN - SCOPUS:47349099942
SN - 9781424416592
T3 - VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings
SP - 139
EP - 146
BT - VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings
Y2 - 30 October 2007 through 1 November 2007
ER -