Abstract | ||
---|---|---|
Visualization and interactive analysis can help network administrators and security analysts analyze network flow and log data. The complexity of such analysis requires combining the knowledge and experience of more domain experts to solve difficult problems faster and with higher reliability. We developed an online visual analysis system called OCEANS to address this topic by allowing close collaboration among security analysts to gain deeper insights when detecting network events. After loading heterogeneous data sources (NetFlow, IPS logs and host status logs), OCEANS provides a multi-level visualization showing a temporal overview, IP connections and detailed connections. Participants can submit their findings through the visual interface and refer to others' existing findings. Users can gain inspiration from each other and collaborate on finding subtle events and targeting multi-phase attacks. Our case study confirms that OCEANS is intuitive to use and can improve efficiency. The crowd collaboration helps users comprehend the situation and reduce false alarms. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1145/2671491.2671493 | VizSEC |
Keywords | Field | DocType |
security and protection,network security,user interfaces,situation awareness,collaborative visual analytics | Data source,Flow network,Data mining,World Wide Web,Visual interface,Interactive analysis,NetFlow,Visualization,Computer science,Computer security,Situation awareness,Network security | Conference |
Citations | PageRank | References |
9 | 0.65 | 16 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Siming Chen | 1 | 125 | 14.34 |
Cong Guo | 2 | 9 | 1.33 |
Xiaoru Yuan | 3 | 1157 | 70.28 |
Fabian Merkle | 4 | 9 | 0.65 |
Hanna Schaefer | 5 | 9 | 0.65 |
Thomas Ertl | 6 | 4417 | 401.52 |