User requirements and design of a visualization for intrusion detection analysis

Abstract

This paper reports on the user requirements gathering activities and design of an information visualization tool for analyzing network data for intrusion detection (ID). User-centered design methods have been widely used for many years. However, innovative visualization displays are often developed with limited consideration of user needs in the context of real-life problems. While it can be argued that this is required to generate creative new solutions, the resulting tools may not fully support actual users in their daily work. We studied ID analysts' activities in order to understand their work practices. This resulted in a simple task model of ID work and guidelines for visualization support. Noting the lack of current visualization support for the analysis ID task and grounded in the actual needs of ID analysts, we designed a visualization prototype for investigating network traffic.