Closing-the-loop: Discovery and search in security visualizations

Kiran Lakkaraju; Ratna Bearavolu; Adam J Slagell; William Yurcik

doi:10.1109/IAW.2005.1495934

Closing-the-loop: Discovery and search in security visualizations

Kiran Lakkaraju, Ratna Bearavolu, Adam J Slagell, William Yurcik

National Center for Supercomputing Applications (NCSA)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The tasks of security engineers include detecting attacks and responding to them. In order to accomplish this, a security engineer must be able to decide what behavior indicates an attack and then search for this behavior. Current security visualization tools provide rich and concise visualizations of network data that allow security engineers to determine the nature of attacks on the network. However, current security visualizations lack the ability for security engineers to search for these behaviors in the network logs. The process of finding interesting patterns in the data is called discovery, and finding instances of these patterns is called searching. Security engineers must do both discovery and search, but current security visualization tools only help in discovery. In this paper, we describe the modifications we have made to our security visualization tool, NVisionIP, that allow security engineers to not only discover patterns in the data, but also to search for those patterns in other data.

Original language	English (US)
Title of host publication	Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Pages	58-63
Number of pages	6
DOIs	https://doi.org/10.1109/IAW.2005.1495934
State	Published - Dec 1 2005
Event	6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005 - West Point, NY, United States Duration: Jun 15 2005 → Jun 17 2005

Publication series

Name	Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Volume	2005

Other

Other	6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Country	United States
City	West Point, NY
Period	6/15/05 → 6/17/05

ASJC Scopus subject areas

Engineering(all)

Access to Document

10.1109/IAW.2005.1495934

Fingerprint Dive into the research topics of 'Closing-the-loop: Discovery and search in security visualizations'. Together they form a unique fingerprint.

Cite this

Lakkaraju, K., Bearavolu, R., Slagell, A. J., & Yurcik, W. (2005). Closing-the-loop: Discovery and search in security visualizations. In Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005 (pp. 58-63). [1495934] (Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005; Vol. 2005). https://doi.org/10.1109/IAW.2005.1495934

Closing-the-loop : Discovery and search in security visualizations. / Lakkaraju, Kiran; Bearavolu, Ratna; Slagell, Adam J; Yurcik, William.

Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005. 2005. p. 58-63 1495934 (Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005; Vol. 2005).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lakkaraju, K, Bearavolu, R, Slagell, AJ & Yurcik, W 2005, Closing-the-loop: Discovery and search in security visualizations. in Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005., 1495934, Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005, vol. 2005, pp. 58-63, 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005, West Point, NY, United States, 6/15/05. https://doi.org/10.1109/IAW.2005.1495934

Lakkaraju K, Bearavolu R, Slagell AJ, Yurcik W. Closing-the-loop: Discovery and search in security visualizations. In Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005. 2005. p. 58-63. 1495934. (Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005). https://doi.org/10.1109/IAW.2005.1495934

Lakkaraju, Kiran ; Bearavolu, Ratna ; Slagell, Adam J ; Yurcik, William. / Closing-the-loop : Discovery and search in security visualizations. Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005. 2005. pp. 58-63 (Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005).

@inproceedings{c2c118d022d243269f950ef1f7ad7b1d,

title = "Closing-the-loop: Discovery and search in security visualizations",

abstract = "The tasks of security engineers include detecting attacks and responding to them. In order to accomplish this, a security engineer must be able to decide what behavior indicates an attack and then search for this behavior. Current security visualization tools provide rich and concise visualizations of network data that allow security engineers to determine the nature of attacks on the network. However, current security visualizations lack the ability for security engineers to search for these behaviors in the network logs. The process of finding interesting patterns in the data is called discovery, and finding instances of these patterns is called searching. Security engineers must do both discovery and search, but current security visualization tools only help in discovery. In this paper, we describe the modifications we have made to our security visualization tool, NVisionIP, that allow security engineers to not only discover patterns in the data, but also to search for those patterns in other data.",

author = "Kiran Lakkaraju and Ratna Bearavolu and Slagell, {Adam J} and William Yurcik",

year = "2005",

month = dec,

day = "1",

doi = "10.1109/IAW.2005.1495934",

language = "English (US)",

isbn = "0780392906",

series = "Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005",

pages = "58--63",

booktitle = "Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005",

note = "6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005 ; Conference date: 15-06-2005 Through 17-06-2005",

}

TY - GEN

T1 - Closing-the-loop

T2 - 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

AU - Lakkaraju, Kiran

AU - Bearavolu, Ratna

AU - Slagell, Adam J

AU - Yurcik, William

PY - 2005/12/1

Y1 - 2005/12/1

N2 - The tasks of security engineers include detecting attacks and responding to them. In order to accomplish this, a security engineer must be able to decide what behavior indicates an attack and then search for this behavior. Current security visualization tools provide rich and concise visualizations of network data that allow security engineers to determine the nature of attacks on the network. However, current security visualizations lack the ability for security engineers to search for these behaviors in the network logs. The process of finding interesting patterns in the data is called discovery, and finding instances of these patterns is called searching. Security engineers must do both discovery and search, but current security visualization tools only help in discovery. In this paper, we describe the modifications we have made to our security visualization tool, NVisionIP, that allow security engineers to not only discover patterns in the data, but also to search for those patterns in other data.

AB - The tasks of security engineers include detecting attacks and responding to them. In order to accomplish this, a security engineer must be able to decide what behavior indicates an attack and then search for this behavior. Current security visualization tools provide rich and concise visualizations of network data that allow security engineers to determine the nature of attacks on the network. However, current security visualizations lack the ability for security engineers to search for these behaviors in the network logs. The process of finding interesting patterns in the data is called discovery, and finding instances of these patterns is called searching. Security engineers must do both discovery and search, but current security visualization tools only help in discovery. In this paper, we describe the modifications we have made to our security visualization tool, NVisionIP, that allow security engineers to not only discover patterns in the data, but also to search for those patterns in other data.

UR - http://www.scopus.com/inward/record.url?scp=33745467523&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745467523&partnerID=8YFLogxK

U2 - 10.1109/IAW.2005.1495934

DO - 10.1109/IAW.2005.1495934

M3 - Conference contribution

AN - SCOPUS:33745467523

SN - 0780392906

SN - 9780780392908

T3 - Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

SP - 58

EP - 63

BT - Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

Y2 - 15 June 2005 through 17 June 2005

ER -