DocumentCode :
586481
Title :
situ: Situational understanding and discovery for cyber attacks
Author :
Harrison, Lane ; Laska, Jason ; Spahn, Riley ; Iannacone, Mike ; Downing, Evan ; Ferragut, Erik M. ; Goodall, John R.
Author_Institution :
Oak Ridge National Laboratory, Oak Ridge, Tennessee, U.S.A.
fYear :
2012
fDate :
14-19 Oct. 2012
Firstpage :
307
Lastpage :
308
Abstract :
Our entry into the VAST 2012 Mini Challenge 2 is a streaming visual analytic system that scores events based on anomalousness and maliciousness and presents each event to the user in user-defined groupings in animated small-multiple views. The anomaly detection algorithm identifies low-probability events, supporting awareness regarding atypical traffic patterns on the network. The maliciousness classifier incorporates both situated knowledge of an environment (policy and machine roles) and domain knowledge (encoded in the IDS alerts). We discuss the visualization design and classification techniques, as well as provide examples of timely detection from the challenge dataset.
Keywords :
H.5.2 [Information Interfaces & Presentations]: User Interfaces - Graphical User Interfaces (GUI); I.3.6 [Methodology and Techniques]; Interaction Techniques;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Visual Analytics Science and Technology (VAST), 2012 IEEE Conference on
Conference_Location :
Seattle, WA
Print_ISBN :
978-1-4673-4752-5
Type :
conf
DOI :
10.1109/VAST.2012.6400503
Filename :
6400503