Title :
Visual correlation of network alerts
Author :
Foresti, Stefano ; Agutter, James ; Livnat, Yarden ; Moon, Shaun ; Erbacher, Robert
Author_Institution :
Utah Univ., Salt Lake City, UT, USA
Abstract :
The VisAlert visual correlation tool facilitates situational awareness in complex network environments by providing a holistic view of network security to help detect malicious activities. Information visualization techniques and methods in many applications have effectively increased operators´ situational awareness, letting them more effectively detect, diagnose, and treat anomalous conditions. Visualization elevates information comprehension by fostering rapid correlation and perceived associations. Our visualization technique integrates the information in log and alert files into an intuitive, flexible, extensible, and scalable visualization tool - VisAlert - that presents critical information concerning network activity in an integrated manner, increasing the user´s situational awareness.
Keywords :
data visualisation; security of data; telecommunication security; VisAlert visual correlation tool; alert files; complex network environment; information visualization techniques; log files; network security; situational awareness; Computer crime; Computer worms; Computerized monitoring; Data security; Data visualization; Decision making; Humans; Intrusion detection; Large-scale systems; Scalability; Cybersecurity; Data Correlation; Network Intrusion; Network Monitoring; Situational Awareness; User Centered Design; Visualization; Computer Communication Networks; Computer Graphics; Information Storage and Retrieval; Signal Processing, Computer-Assisted; Software; User-Computer Interface;
Journal_Title :
Computer Graphics and Applications, IEEE
DOI :
10.1109/MCG.2006.49
