SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms

Enrico Bertini, Patrick Hertzog, Denis Laianne

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    Abstract

    This article presents SpiralView, a visualization tool that helps system administrators assess network policies. The tool is meant to complement the routine activity of network monitoring by enabling a retrospective view of the alarms generated during an extended period of time. It lets analysts reason about how alarms are distributed over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting them in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data into meaningful subsets, zoom in on specific related information, and inspect relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several improvements over the standard techniques have been provided.

    Original language: English (US)
    Title of host publication: VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings
    Pages: 139-146
    Number of pages: 8
    State: Published - 2007
    Event: VAST IEEE Symposium on Visual Analytics Science and Technology 2007 - Sacramento, CA, United States
    Duration: Oct 30 2007 to Nov 1 2007

    Publication series

    Name: VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings

    Other

    Other: VAST IEEE Symposium on Visual Analytics Science and Technology 2007
    Country: United States
    City: Sacramento, CA
    Period: 10/30/07 to 11/1/07

    Keywords

    • Data exploration
    • Intrusion detection
    • Network security
    • Visualization

    ASJC Scopus subject areas

    • Computer Science(all)
    • Computer Science Applications


  • Cite this

    Bertini, E., Hertzog, P., & Laianne, D. (2007). SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms. In VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings (pp. 139-146). [4389007] (VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings). https://doi.org/10.1109/VAST.2007.4389007