A user-centered approach to visualizing network traffic for intrusion detection

John R. Goodall, A. Ant Ozok, Wayne G. Lutters, Penny Rheingans, Anita Komlodi

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

22 Scopus citations

Abstract

Intrusion detection (ID) analysts are charged with ensuring the safety and integrity of today's high-speed computer networks. Their work includes the complex task of searching for indications of attacks and misuse in vast amounts of network data. Although there are several information visualization tools to support ID, few are grounded in a thorough understanding of the work ID analysts perform or include any empirical evaluation. We present a user-centered visualization based on our understanding of the work of ID and the needs of analysts derived from the first significant user study of ID. The tool presents analysts with both 'at a glance' understanding of network activity, and low-level network link details. Results from preliminary usability testing show that users performed better and found easier those tasks dealing with network state in comparison to network link tasks.

Original languageEnglish
Title of host publicationCHI'05 Extended Abstracts on Human Factors in Computing Systems, CHI EA'05
Pages1403-1406
Number of pages4
DOIs
StatePublished - 2005
Externally publishedYes
EventConference on Human Factors in Computing Systems, CHI EA 2005 - Portland, OR, United States
Duration: Apr 2 2005Apr 7 2005

Publication series

NameConference on Human Factors in Computing Systems - Proceedings

Conference

ConferenceConference on Human Factors in Computing Systems, CHI EA 2005
Country/TerritoryUnited States
CityPortland, OR
Period04/2/0504/7/05

Keywords

  • Information visualization
  • Intrusion detection
  • Network security
  • Usability testing
  • User-centered design

Fingerprint

Dive into the research topics of 'A user-centered approach to visualizing network traffic for intrusion detection'. Together they form a unique fingerprint.

Cite this