  • DocumentCode
    650468
  • Title
    Pianola - Visualization of Multivariate Time-Series Security Event Data
  • Author
    Thomson, Andrew ; Graham, Mike ; Kennedy, Jessie
  • Author_Institution
    ECS Security Ltd., Edinburgh, UK
  • fYear
    2013
  • fDate
    16-18 July 2013
  • Firstpage
    123
  • Lastpage
    131
  • Abstract
    Monitoring log files for network intrusions is unwieldy. To build a mental model of the log, an analyst is required to recognise continuous timelines and attack patterns from a dataset that is essentially limited to an ordered list of events. Information Visualization techniques arrange data into directly perceivable visual patterns that may alleviate some of the overhead associated with interpreting these datasets and improve the ability of users, especially those in resource-stretched Small and Medium-sized Businesses (SMBs), to make sense of activity patterns in Intrusion Detection System (IDS) event logs. To this end, we discuss existing network security visualizations for IDS logs and, after examining the strengths and drawbacks of those applications, we have prototyped a visualization tool, Pianola, that arranges events on multiple timelines to reveal patterns both in time and across a network. The tool was evaluated against the traditional use of command-line interface (CLI)-based tools for analyzing network security events and showed significant improvements both in recognition and detection of attacks and in reduction of the users' subjective workload, measured using the NASA Task Load Index (TLX).
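    The arrangement the abstract describes, IDS events placed on one timeline per host so that a burst from one source and a slow sweep across several targets both stand out at a glance, can be reproduced in text form directly from alert logs. The following is an added example written for this page; it is not Pianola's code and does not reproduce the paper's tool. It assumes Snort "fast"-format alert lines, uses constructed alerts with hypothetical local signature IDs (1000001-1000003) and fictional addresses, and assumes the year 2013 because the fast format carries none.

```python
"""Text-mode 'piano roll' of IDS alerts: one timeline per host, one column per
time bucket. Added example for this page; not Pianola's code."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed Snort 'fast'-format alerts with hypothetical local SIDs and
# fictional addresses. 10.0.0.5 fires a burst (fast SYN probe); 10.0.0.7 fires
# one alert every five minutes against successive hosts (a low-and-slow sweep).
SAMPLE_ALERTS = """\
07/16-10:00:01.120000  [**] [1:1000001:1] EXAMPLE SCAN SYN probe [**] [Priority: 2] {TCP} 10.0.0.5:44123 -> 192.168.1.10:22
07/16-10:00:01.300000  [**] [1:1000001:1] EXAMPLE SCAN SYN probe [**] [Priority: 2] {TCP} 10.0.0.5:44124 -> 192.168.1.10:23
07/16-10:00:01.450000  [**] [1:1000001:1] EXAMPLE SCAN SYN probe [**] [Priority: 2] {TCP} 10.0.0.5:44125 -> 192.168.1.10:80
07/16-10:00:02.010000  [**] [1:1000001:1] EXAMPLE SCAN SYN probe [**] [Priority: 2] {TCP} 10.0.0.5:44126 -> 192.168.1.10:443
07/16-10:00:02.800000  [**] [1:1000001:1] EXAMPLE SCAN SYN probe [**] [Priority: 2] {TCP} 10.0.0.5:44127 -> 192.168.1.10:8080
07/16-10:02:15.000000  [**] [1:1000002:1] EXAMPLE SSH auth failures [**] [Priority: 1] {TCP} 10.0.0.7:51000 -> 192.168.1.10:22
07/16-10:03:40.000000  [**] [1:1000003:1] EXAMPLE shell prompt in server reply [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:22 -> 10.0.0.5:44200
07/16-10:07:15.000000  [**] [1:1000002:1] EXAMPLE SSH auth failures [**] [Priority: 1] {TCP} 10.0.0.7:51001 -> 192.168.1.11:22
07/16-10:09:00.000000  [**] [1:1000001:1] EXAMPLE SCAN SYN probe [**] {TCP} 10.0.0.9:3000 -> 192.168.1.50:445
07/16-10:12:15.000000  [**] [1:1000002:1] EXAMPLE SSH auth failures [**] [Priority: 1] {TCP} 10.0.0.7:51002 -> 192.168.1.12:22
this line is not an alert and is skipped by the parser
"""

# Snort fast format: classification and priority fields are optional, ports may
# be absent for protocols without them.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?(?:\s+\[Priority:\s*(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
ASSUMED_YEAR = "2013"  # the fast format has no year field; assumption for the example


def parse_alerts(text):
    """Parse fast-format lines into event dicts; unparseable lines are dropped."""
    events = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(ASSUMED_YEAR + "/" + e["ts"], "%Y/%m/%d-%H:%M:%S.%f")
        e["prio"] = int(e["prio"]) if e["prio"] else None
        events.append(e)
    return events


def build_timelines(events, key="src", bucket_seconds=60):
    """Arrange events into one timeline per distinct value of `key` (src, dst, sid...).

    Returns (t0, rows): rows maps each key value to a list of per-bucket event
    counts of equal length, so the rows stack into a host x time grid. Buckets
    are counted from the earliest event, not aligned to the wall clock.
    """
    if not events:
        return None, {}
    t0 = min(e["ts"] for e in events)
    span = (max(e["ts"] for e in events) - t0).total_seconds()
    nbuckets = int(span // bucket_seconds) + 1
    rows = defaultdict(lambda: [0] * nbuckets)
    for e in events:
        b = int((e["ts"] - t0).total_seconds() // bucket_seconds)
        rows[e[key]][b] += 1
    return t0, dict(rows)


GLYPHS = ".123456789"  # '.' = quiet bucket, digit = count, '+' = ten or more


def render(rows, width=15):
    """Render the grid as text, busiest row first."""
    out = []
    for k in sorted(rows, key=lambda k: -sum(rows[k])):
        cells = "".join(GLYPHS[c] if c < 10 else "+" for c in rows[k])
        out.append(f"{k:<{width}} |{cells}|")
    return "\n".join(out)


def bursts(rows, threshold):
    """Cells with at least `threshold` events: a spike in one row, e.g. a fast scan."""
    return [(k, i, c) for k, counts in rows.items()
            for i, c in enumerate(counts) if c >= threshold]


def persistent(rows, min_buckets):
    """Rows active in at least `min_buckets` distinct buckets: the low-and-slow
    pattern that is easy to miss when reading the log line by line."""
    return [k for k, counts in rows.items() if sum(1 for c in counts if c) >= min_buckets]


if __name__ == "__main__":
    evs = parse_alerts(SAMPLE_ALERTS)
    for key in ("src", "dst"):
        t0, rows = build_timelines(evs, key=key)
        print(f"timelines by {key}, 60 s buckets from {t0:%H:%M:%S}")
        print(render(rows), end="\n\n")
    _, by_src = build_timelines(evs, key="src")
    print("bursts (>=5/min):", bursts(by_src, 5))
    print("persistent (>=3 active minutes):", persistent(by_src, 3))
```

    Switching `key` between `src`, `dst` and `sid` re-arranges the same events onto different sets of timelines, which is the multivariate part of the idea: the burst from 10.0.0.5 is one dense cell in the source view and the same cell under 192.168.1.10 in the destination view, while 10.0.0.7's three alerts, five minutes apart and each against a different host, form a visible row in the source view but scatter across three rows in the destination view.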
  • Keywords
    data visualisation; security of data; small-to-medium enterprises; time series; CLI; IDS event logs; NASA task load index; Pianola visualization tool; SMBs; TLX; activity patterns; attack detection; attack patterns; command-line interface based tools; continuous timelines; information visualization techniques; intrusion detection system; log file monitoring; mental model; multivariate time-series security event data visualization; network security event analysis; network security visualizations; resource-stretched small and medium sized businesses; user subjective workload; visual patterns; information visualization; security visualization;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Visualisation (IV), 2013 17th International Conference
  • Conference_Location
    London
  • ISSN
    1550-6037
  • Type
    conf
  • DOI
    10.1109/IV.2013.15
  • Filename
    6676552