Visualization techniques for computer network defense

Justin M. Beaver, Chad A. Steed, Robert M. Patton, Xiaohui Cui, Matthew Schultz

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > peer-review

9 Scopus citations

Abstract

Effective visual analysis of computer network defense (CND) information is challenging due to the volume and complexity of both the raw and analyzed network data. A typical CND is comprised of multiple niche intrusion detection tools, each of which performs network data analysis and produces a unique alerting output. The state-of-the-practice in the situational awareness of CND data is the prevalent use of custom-developed scripts by Information Technology (IT) professionals to retrieve, organize, and understand potential threat events. We propose a new visual analytics framework, called the Oak Ridge Cyber Analytics (ORCA) system, for CND data that allows an operator to interact with all detection tool outputs simultaneously. Aggregated alert events are presented in multiple coordinated views with timeline, cluster, and swarm model analysis displays. These displays are complemented with both supervised and semi-supervised machine learning classifiers. The intent of the visual analytics framework is to improve CND situational awareness, to enable an analyst to quickly navigate and analyze thousands of detected events, and to combine sophisticated data analysis techniques with interactive visualization such that patterns of anomalous activities may be more easily identified and investigated.

Original language: English
Title of host publication: Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense X
DOIs
State: Published - 2011
Event: Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense X - Orlando, FL, United States
Duration: Apr 25 2011 - Apr 28 2011

Publication series

Name: Proceedings of SPIE - The International Society for Optical Engineering
Volume: 8019
ISSN (Print): 0277-786X

Conference

Conference: Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense X
Country/Territory: United States
City: Orlando, FL
Period: 04/25/11 - 04/28/11

Keywords

  • Cyber defense
  • Knowledge discovery
  • Visual analytics
  • Visualization
