A visualization tool for situational awareness of tactical and strategic security events on large and complex computer networks

Situational awareness of the state of military computer networks is important for both tactical battlefield operations and strategic command-and-control networks. While there have been successful efforts to visualize the state of individual network infrastructure components (routers, links) using SNMP and other network management tools, these systems do not focus on security. Although there have been multiple research proposals, to our knowledge there have only been two realized systems which attempt to visualize security events. Assessing the overall security of a large and complex network is an open problem due to the multidimensional data space. We present a tool, NVisionIP, that makes a direct contribution to solving this open problem. NVisionIP is unique from existing systems in that it simultaneously visualizes multidimensional characteristics of individual computers as well as their relationship to network-wide security events in an entire Class B IP address space.