Visualization Techniques for Computer Network Defense

Effective visual analysis of computer network defense (CND) information is challenging due to the volume and complexity of both the raw and analyzed network data. A typical CND is comprised of multiple niche intrusion detection tools, each of which performs network data analysis and produces a unique alerting output. The state-of-the-practice in the situational awareness of CND data is the prevalent use of custom-developed scripts by Information Technology (IT) professionals to retrieve, organize, and understand potential threat events. We propose a new visual analytics framework, called the Oak Ridge Cyber Analytics (ORCA) system, for CND data that allows an operator to interact with all detection tool outputs simultaneously. Aggregated alert events are presented in multiple coordinated views with timeline, cluster, and swarm model analysis displays. These displays are complemented with both supervised and semi-supervised machine learning classifiers. The intent of the visual analytics framework is to improve CND situational awareness, to enable an analyst to quickly navigate and analyze thousands of detected events, and to combine sophisticated data analysis techniques with interactive visualization such that patterns of anomalous activities may be more easily identified and investigated.

Bibliographic Details
Main Authors: Justin M. Beaver, Chad A. Steed, Robert M. Patton, Xiaohui Cui, Matthew Schultz
Other Authors: The Pennsylvania State University CiteSeerX Archives
Format: Text
Language: English
Subjects: cyber defense; visualization; visual analytics; knowledge discovery
Online Access: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.471.5145
http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf
Record Details
Identifier: oai:CiteSeerX.psu:10.1.1.471.5145
Institution: Open Polar (CiteSeerX archive)
Source file: http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf (application/pdf)
Rights: Metadata may be used without restrictions as long as the oai identifier remains attached to it.
Record timestamps: 2016-01-08T07:18:55Z; 2023-05-15T17:53:50+02:00