Visualizing network traffic for intrusion detection

John R. Goodall

doi:10.1145/1142405.1142465

Visualizing network traffic for intrusion detection

John R. Goodall

Data Science and Visualization

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Intrusion detection, the process of using network data to identify potential attacks, has become an essential component of information security. Human analysts doing intrusion detection work utilize vast amounts of data from disparate sources to make decisions about potential attacks. Yet, there is limited understanding of this critical human component. This research seeks to understand the work practices of these human analysts to inform the design of a task-appropriate information visualization tool to support network intrusion detection analysis tasks. System design will follow a user-centered, spiral methodology. System evaluation will include both a field-based qualitative evaluation, uncommon in information visualization, and a lab-based benchmarking evaluation.

Original language	English
Title of host publication	Proceedings of the Conference on Designing Interactive Systems, DIS2006
Publisher	Association for Computing Machinery (ACM)
Pages	363-364
Number of pages	2
ISBN (Print)	1595933417, 9781595933416
DOIs	https://doi.org/10.1145/1142405.1142465
State	Published - 2006
Event	Proceedings of the Conference on Designing Interactive Systems, DIS2006 - University Park, PA, United States Duration: Jun 26 2006 → Jun 28 2006

Publication series

Name	Proceedings of the Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, DIS
Volume	2006

Conference

Conference	Proceedings of the Conference on Designing Interactive Systems, DIS2006
Country/Territory	United States
City	University Park, PA
Period	06/26/06 → 06/28/06

Keywords

HCI
Information visualization
Intrusion detection
Network security

Access to Document

10.1145/1142405.1142465

Cite this

Goodall, J. R. (2006). Visualizing network traffic for intrusion detection. In Proceedings of the Conference on Designing Interactive Systems, DIS2006 (pp. 363-364). (Proceedings of the Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, DIS; Vol. 2006). Association for Computing Machinery (ACM). https://doi.org/10.1145/1142405.1142465

@inproceedings{32135b2913224970b839a1707a27c5f6,

title = "Visualizing network traffic for intrusion detection",

abstract = "Intrusion detection, the process of using network data to identify potential attacks, has become an essential component of information security. Human analysts doing intrusion detection work utilize vast amounts of data from disparate sources to make decisions about potential attacks. Yet, there is limited understanding of this critical human component. This research seeks to understand the work practices of these human analysts to inform the design of a task-appropriate information visualization tool to support network intrusion detection analysis tasks. System design will follow a user-centered, spiral methodology. System evaluation will include both a field-based qualitative evaluation, uncommon in information visualization, and a lab-based benchmarking evaluation.",

keywords = "HCI, Information visualization, Intrusion detection, Network security",

author = "Goodall, {John R.}",

year = "2006",

doi = "10.1145/1142405.1142465",

language = "English",

isbn = "1595933417",

series = "Proceedings of the Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, DIS",

publisher = "Association for Computing Machinery (ACM)",

pages = "363--364",

booktitle = "Proceedings of the Conference on Designing Interactive Systems, DIS2006",

note = "Proceedings of the Conference on Designing Interactive Systems, DIS2006 ; Conference date: 26-06-2006 Through 28-06-2006",

}

Goodall, JR 2006, Visualizing network traffic for intrusion detection. in Proceedings of the Conference on Designing Interactive Systems, DIS2006. Proceedings of the Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, DIS, vol. 2006, Association for Computing Machinery (ACM), pp. 363-364, Proceedings of the Conference on Designing Interactive Systems, DIS2006, University Park, PA, United States, 06/26/06. https://doi.org/10.1145/1142405.1142465

Visualizing network traffic for intrusion detection. / Goodall, John R.
Proceedings of the Conference on Designing Interactive Systems, DIS2006. Association for Computing Machinery (ACM), 2006. p. 363-364 (Proceedings of the Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, DIS; Vol. 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Visualizing network traffic for intrusion detection

AU - Goodall, John R.

PY - 2006

Y1 - 2006

N2 - Intrusion detection, the process of using network data to identify potential attacks, has become an essential component of information security. Human analysts doing intrusion detection work utilize vast amounts of data from disparate sources to make decisions about potential attacks. Yet, there is limited understanding of this critical human component. This research seeks to understand the work practices of these human analysts to inform the design of a task-appropriate information visualization tool to support network intrusion detection analysis tasks. System design will follow a user-centered, spiral methodology. System evaluation will include both a field-based qualitative evaluation, uncommon in information visualization, and a lab-based benchmarking evaluation.

AB - Intrusion detection, the process of using network data to identify potential attacks, has become an essential component of information security. Human analysts doing intrusion detection work utilize vast amounts of data from disparate sources to make decisions about potential attacks. Yet, there is limited understanding of this critical human component. This research seeks to understand the work practices of these human analysts to inform the design of a task-appropriate information visualization tool to support network intrusion detection analysis tasks. System design will follow a user-centered, spiral methodology. System evaluation will include both a field-based qualitative evaluation, uncommon in information visualization, and a lab-based benchmarking evaluation.

KW - HCI

KW - Information visualization

KW - Intrusion detection

KW - Network security

UR - http://www.scopus.com/inward/record.url?scp=33750918506&partnerID=8YFLogxK

U2 - 10.1145/1142405.1142465

DO - 10.1145/1142405.1142465

M3 - Conference contribution

AN - SCOPUS:33750918506

SN - 1595933417

SN - 9781595933416

T3 - Proceedings of the Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, DIS

SP - 363

EP - 364

BT - Proceedings of the Conference on Designing Interactive Systems, DIS2006

PB - Association for Computing Machinery (ACM)

T2 - Proceedings of the Conference on Designing Interactive Systems, DIS2006

Y2 - 26 June 2006 through 28 June 2006

ER -

Visualizing network traffic for intrusion detection

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this