SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms

Enrico Bertini, Patrick Hertzog, Denis Laianne

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during an extended period of time. The tool permits reasoning about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaningful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.

    Original language: English (US)
    Title of host publication: VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings
    Pages: 139-146
    Number of pages: 8
    DOIs: https://doi.org/10.1109/VAST.2007.4389007
    State: Published - 2007
    Event: VAST IEEE Symposium on Visual Analytics Science and Technology 2007 - Sacramento, CA, United States
    Duration: Oct 30 2007 to Nov 1 2007

    Other

    Other: VAST IEEE Symposium on Visual Analytics Science and Technology 2007
    Country: United States
    City: Sacramento, CA
    Period: 10/30/07 to 11/1/07

    Fingerprint

    Visualization
    Monitoring

    Keywords

    • Data exploration
    • Intrusion detection
    • Network security
    • Visualization

    ASJC Scopus subject areas

    • Computer Science(all)
    • Computer Science Applications

    Cite this

    Bertini, E., Hertzog, P., & Laianne, D. (2007). SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms. In VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings (pp. 139-146). [4389007] https://doi.org/10.1109/VAST.2007.4389007

    @inproceedings{649aebbcbe0b4201a7e5a9afaa2a2323,
    title = "SpiralView: Towards security policies assessment through visual correlation of network resources with evolution of alarms",
    abstract = "This article presents SpiralView, a visualization tool for helping system administrators to assess network policies. The tool is meant to be a complementary support to the routine activity of network monitoring, enabling a retrospective view on the alarms generated during an extended period of time. The tool permits reasoning about how alarms distribute over time and how they correlate with network resources (e.g., users, IPs, applications, etc.), supporting the analysts in understanding how the network evolves and thus in devising new security policies for the future. The spiral visualization plots alarms in time, and, coupled with interactive bar charts and a users/applications graph view, is used to present network data and perform queries. The user is able to segment the data in meaningful subsets, zoom on specific related information, and inspect for relationships between alarms, users, and applications. In designing the visualizations and their interaction, and through tests with security experts, several ameliorations over the standard techniques have been provided.",
    keywords = "Data exploration, Intrusion detection, Network security, Visualization",
    author = "Enrico Bertini and Patrick Hertzog and Denis Laianne",
    year = "2007",
    doi = "10.1109/VAST.2007.4389007",
    language = "English (US)",
    isbn = "9781424416592",
    pages = "139--146",
    booktitle = "VAST IEEE Symposium on Visual Analytics Science and Technology 2007, Proceedings",

    }