VizSEC 2007 pp 203-220

Part of the Mathematics and Visualization book series (MATHVISUAL) | Cite as

Putting Security in Context: Visual Correlation of Network Activity with Real-World Information

  • W. A. Pike
  • C. Scherrer
  • S. Zabriskie

Abstract

To effectively identify and respond to cyber threats, computer security analysts must understand the scale, motivation, methods, source, and target of an attack. Central to developing this situational awareness is the analyst’s world knowledge that puts these attributes in context. What known exploits or new vulnerabilities might an anomalous traffic pattern suggest? What organizational, social, or geopolitical events help forecast or explain attacks and anomalies? Few visualization tools support creating, maintaining, and applying this knowledge of the threat landscape. Through a series of formative workshops with practicing security analysts, we have developed a visualization approach inspired by the human process of contextualization; this system, called NUANCE, creates evolving behavioral models of network actors at organizational and regional levels, continuously monitors external textual information sources for themes that indicate security threats, and automatically determines if behavior indicative of those threats is present on a network.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • W. A. Pike
    • 1
  • C. Scherrer
    • 1
  • S. Zabriskie
    • 1
  1. 1.Pacific Northwest National LaboratoryRichlandUSA

Personalised recommendations