TY - GEN
T1 - A user-centered look at glyph-based security visualization
AU - Komlodi, Anita
AU - Rheingans, Penny
AU - Ayachit, Utkarsha
AU - Goodall, John R.
AU - Joshi, Amit
PY - 2005
Y1 - 2005
N2 - This paper presents the Intrusion Detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.
AB - This paper presents the Intrusion Detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.
KW - Glyphs
KW - Information visualization
KW - Intrusion detection
KW - Multivariate display
UR - http://www.scopus.com/inward/record.url?scp=33749533756&partnerID=8YFLogxK
U2 - 10.1109/VIZSEC.2005.1532062
DO - 10.1109/VIZSEC.2005.1532062
M3 - Conference contribution
AN - SCOPUS:33749533756
SN - 0780394771
SN - 9780780394773
T3 - IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings
SP - 21
EP - 28
BT - IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings
T2 - IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05
Y2 - 26 October 2005 through 26 October 2005
ER -