{"title":"Closing-the-loop: discovery and search in security visualizations","authors":"K. Lakkaraju, R. Bearavolu, A. Slagell, W. Yurcik","doi":"10.1109/IAW.2005.1495934","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"69 ","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"13","platform":"Semanticscholar","PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495934"}
Closing-the-loop: discovery and search in security visualizations
The tasks of security engineers include detecting attacks and responding to them. In order to accomplish this, a security engineer must be able to decide what behavior indicates an attack and then search for this behavior. Current security visualization tools provide rich and concise visualizations of network data that allow security engineers to determine the nature of attacks on the network. However, current security visualizations lack the ability for security engineers to search for these behaviors in the network logs. The process of finding interesting patterns in the data is called discovery, and finding instances of these patterns is called searching. Security engineers must do both discovery and search, but current security visualization tools only help in discovery. In this paper, we describe the modifications we have made to our security visualization tool, NVisionIP, that allow security engineers to not only discover patterns in the data, but also to search for those patterns in other data.