A user-centered look at glyph-based security visualization

Anita Komlodi, Penny Rheingans, Utkarsha Ayachit, John R. Goodall, Amit Joshi

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

41 Scopus citations

Abstract

This paper presents the Intrusion Detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.

Original language: English
Title of host publication: IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings
Pages: 21-28
Number of pages: 8
State: Published - 2005
Externally published: Yes
Event: IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05 - Minneapolis, MN, United States
Duration: Oct 26 2005 - Oct 26 2005

Publication series

Name: IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings

Conference

Conference: IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05
Country/Territory: United States
City: Minneapolis, MN
Period: 10/26/05 - 10/26/05

Keywords

  • Glyphs
  • Information visualization
  • Intrusion detection
  • Multivariate display
