TY - GEN
T1 - Closing-the-loop
T2 - 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
AU - Lakkaraju, Kiran
AU - Bearavolu, Ratna
AU - Slagell, Adam J
AU - Yurcik, William
PY - 2005/12/1
Y1 - 2005/12/1
N2 - The tasks of security engineers include detecting attacks and responding to them. In order to accomplish this, a security engineer must be able to decide what behavior indicates an attack and then search for this behavior. Current security visualization tools provide rich and concise visualizations of network data that allow security engineers to determine the nature of attacks on the network. However, current security visualizations lack the ability for security engineers to search for these behaviors in the network logs. The process of finding interesting patterns in the data is called discovery, and finding instances of these patterns is called searching. Security engineers must do both discovery and search, but current security visualization tools only help in discovery. In this paper, we describe the modifications we have made to our security visualization tool, NVisionIP, that allow security engineers to not only discover patterns in the data, but also to search for those patterns in other data.
UR - http://www.scopus.com/inward/record.url?scp=33745467523&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33745467523&partnerID=8YFLogxK
U2 - 10.1109/IAW.2005.1495934
DO - 10.1109/IAW.2005.1495934
M3 - Conference contribution
AN - SCOPUS:33745467523
SN - 0780392906
SN - 9780780392908
T3 - Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
SP - 58
EP - 63
BT - Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Y2 - 15 June 2005 through 17 June 2005
ER -