Visual discovery in computer network defense

Anita D. D'Amico, John R. Goodall, Daniel R. Tesone, Jason K. Kopylec

Research output: Contribution to journal › Article › peer-review

42 Scopus citations

Abstract

Computer network defense (CND) requires analysts to detect both known and novel forms of attacks in massive volumes of network data. Visualization tools can potentially assist in the discovery of suspicious patterns of network activity and relationships between seemingly disparate security events, but few CND analysts are leveraging visualization technologies in their current practice. To address this, we created a new visualization framework, VIAssist, based on a comprehensive cognitive task analysis of CND analysts. We designed VIAssist to fit the work practices and operational environments of those analysts. This article describes the major visual analytic features of VIAssist that address the needs of CND analysts, including its coordinated visualizations and interactive report building capabilities. A scenario illustrates how it can be used to discover the unexpected in network flow data.

Original language: English
Pages (from-to): 20-27
Number of pages: 8
Journal: IEEE Computer Graphics and Applications
Volume: 27
Issue number: 5
State: Published - Sep 2007
Externally published: Yes

Funding

The US Department of Defense sponsored VIAssist’s development under contract F30602-03-C-0260, with the Air Force Research Laboratory (AFRL) as the contracting agency. We acknowledge the continuous beneficial guidance during VIAssist’s development and testing offered by Kirsten Whitley of the US Department of Defense; Walt Tirenin of the AFRL in Rome, New York; and Robert Nine and the J2 staff of the Joint Task Force on Global Network Operations. The views and conclusions contained in this document are those of the authors, and should not be interpreted as representing the official policies, either expressed or implied, of the US government.

Funders and funder numbers:
US Department of Defense: F30602-03-C-0260
Air Force Research Laboratory: AFRL

Keywords

• Information security
• Information visualization
• Situational awareness
• User-centered design
• Visual analytics
