مرکز منطقه ای اطلاع رساني علوم و فناوري - Pianola - Visualization of Multivariate Time-Series Security Event Data

DocumentCode :

650468

Title :

Pianola - Visualization of Multivariate Time-Series Security Event Data

Author :

Thomson, Andrew ; Graham, Mike ; Kennedy, Jessie

Author_Institution :

ECS Security Ltd., Edinburgh, UK

fYear :

2013

fDate :

16-18 July 2013

Firstpage :

123

Lastpage :

131

Abstract :

Monitoring log files for network intrusions is unwieldy. To build a mental model of the log, an analyst is required to recognise continuous timelines and attack patterns from a dataset that is essentially limited to an ordered list of events. Information Visualization techniques arrange data into directly perceivable visual patterns that may alleviate some overheads associated with interpreting these datasets and improve the ability of users, especially those in resource-stretched Small and Medium sized Businesses (SMBs), to make sense of activity patterns in Intrusion Detection System (IDS) event logs. To this end, we discuss existing network security visualizations for IDS logs and after examining the strengths and drawbacks of those applications we have prototyped a visualization tool, Pianola, that arranges events on multiple timelines to reveal patterns both in time and across a network. The tool was evaluated against the traditional use of command-line interface (CLI)-based tools for analyzing network security events and displayed significant improvements in both recognition and detection of attacks and reduction in the users´ subjective workload, measured using the NASA Task Load index (TLX).

Keywords :

data visualisation; security of data; small-to-medium enterprises; time series; CLI; IDS event logs; NASA task load index; Pianola visualization tool; SMBs; TLX; activity patterns; attack detection; attack patterns; command-line interface based tools; continuous timelines; information visualization techniques; intrusion detection system; log file monitoring; mental model; multivariate time-series security event data visualization; network security event analysis; network security visualizations; resource-stretched small and medium sized businesses; user subjective workload; visual patterns; information visualization; security visualization;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Information Visualisation (IV), 2013 17th International Conference

Conference_Location :

London

ISSN :

1550-6037

Type :

conf

DOI :

10.1109/IV.2013.15

Filename :

6676552

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=650468