SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms

Enrico Bertini; Patrick Hertzog; Denis Laianne

doi:10.1109/VAST.2007.4389007

SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms

Enrico Bertini, Patrick Hertzog, Denis Laianne

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during and extended period of time. The tool permits to reason about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaning-ful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.

Original language	English (US)
Title of host publication	VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings
Pages	139-146
Number of pages	8
DOIs	https://doi.org/10.1109/VAST.2007.4389007
State	Published - 2007
Event	VAST IEEE Symposium on Visual Analytics Science and Technology 2007 - Sacramento, CA, United States Duration: Oct 30 2007 → Nov 1 2007

Publication series

Name	VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings

Other

Other	VAST IEEE Symposium on Visual Analytics Science and Technology 2007
Country	United States
City	Sacramento, CA
Period	10/30/07 → 11/1/07

Keywords

Data exploration
Intrusion detection
Network security
Visualization

ASJC Scopus subject areas

Computer Science(all)
Computer Science Applications

Access to Document

10.1109/VAST.2007.4389007

Fingerprint Dive into the research topics of 'SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms'. Together they form a unique fingerprint.

Cite this

Bertini, E., Hertzog, P., & Laianne, D. (2007). SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms. In VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings (pp. 139-146). [4389007] (VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings). https://doi.org/10.1109/VAST.2007.4389007

SpiralView : Towards security policies assessment through visual correlation of network resources with evolution of alarms. / Bertini, Enrico; Hertzog, Patrick; Laianne, Denis.

VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings. 2007. p. 139-146 4389007 (VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Bertini, E, Hertzog, P & Laianne, D 2007, SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms. in VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings., 4389007, VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings, pp. 139-146, VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Sacramento, CA, United States, 10/30/07. https://doi.org/10.1109/VAST.2007.4389007

Bertini E, Hertzog P, Laianne D. SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms. In VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings. 2007. p. 139-146. 4389007. (VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings). https://doi.org/10.1109/VAST.2007.4389007

@inproceedings{649aebbcbe0b4201a7e5a9afaa2a2323,

title = "SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms",

abstract = "This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during and extended period of time. The tool permits to reason about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaning-ful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.",

keywords = "Data exploration, Intrusion detection, Network security, Visualization",

author = "Enrico Bertini and Patrick Hertzog and Denis Laianne",

year = "2007",

doi = "10.1109/VAST.2007.4389007",

language = "English (US)",

isbn = "9781424416592",

series = "VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings",

pages = "139--146",

booktitle = "VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings",

note = "VAST IEEE Symposium on Visual Analytics Science and Technology 2007 ; Conference date: 30-10-2007 Through 01-11-2007",

}

TY - GEN

T1 - SpiralView

T2 - VAST IEEE Symposium on Visual Analytics Science and Technology 2007

AU - Bertini, Enrico

AU - Hertzog, Patrick

AU - Laianne, Denis

PY - 2007

Y1 - 2007

N2 - This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during and extended period of time. The tool permits to reason about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaning-ful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.

AB - This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during and extended period of time. The tool permits to reason about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaning-ful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.

KW - Data exploration

KW - Intrusion detection

KW - Network security

KW - Visualization

UR - http://www.scopus.com/inward/record.url?scp=47349099942&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=47349099942&partnerID=8YFLogxK

U2 - 10.1109/VAST.2007.4389007

DO - 10.1109/VAST.2007.4389007

M3 - Conference contribution

AN - SCOPUS:47349099942

SN - 9781424416592

T3 - VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings

SP - 139

EP - 146

BT - VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings

Y2 - 30 October 2007 through 1 November 2007

ER -