Visualization Techniques for Computer Network Defense
Effective visual analysis of computer network defense (CND) information is challenging due to the volume and complexity of both the raw and analyzed network data. A typical CND is comprised of multiple niche intrusion detection tools, each of which performs network data analysis and produces a uniqu...
Main Authors: | , , , , |
---|---|
Other Authors: | |
Format: | Text |
Language: | English |
Subjects: | |
Online Access: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.471.5145 http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf |
id |
ftciteseerx:oai:CiteSeerX.psu:10.1.1.471.5145 |
---|---|
record_format |
openpolar |
spelling |
ftciteseerx:oai:CiteSeerX.psu:10.1.1.471.5145 2023-05-15T17:53:50+02:00 Visualization Techniques for Computer Network Defense Justin M. Beavera Chad A. Steeda Robert M. Pattona Xiaohui Cuia Matthew Schultzb The Pennsylvania State University CiteSeerX Archives application/pdf http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.471.5145 http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf en eng http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.471.5145 http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf Metadata may be used without restrictions as long as the oai identifier remains attached to it. http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf cyber defense visualization visual analytics knowledge discovery text ftciteseerx 2016-01-08T07:18:55Z Effective visual analysis of computer network defense (CND) information is challenging due to the volume and complexity of both the raw and analyzed network data. A typical CND is comprised of multiple niche intrusion detection tools, each of which performs network data analysis and produces a unique alerting output. The state-of-the-practice in the situational awareness of CND data is the prevalent use of custom-developed scripts by Information Technology (IT) professionals to retrieve, organize, and understand potential threat events. We propose a new visual analytics framework, called the Oak Ridge Cyber Analytics (ORCA) system, for CND data that allows an operator to interact with all detection tool outputs simultaneously. Aggregated alert events are presented in multiple coordinated views with timeline, cluster, and swarm model analysis displays. These displays are complemented with both supervised and semi-supervised machine learning classifiers. The intent of the visual analytics framework is to improve CND situational awareness, to enable an analyst to quickly navigate and analyze thousands of detected events, and to combine sophisticated data analysis techniques with interactive visualization such that patterns of anomalous activities may be more easily identified and investigated. Text Orca Unknown |
institution |
Open Polar |
collection |
Unknown |
op_collection_id |
ftciteseerx |
language |
English |
topic |
cyber defense visualization visual analytics knowledge discovery |
spellingShingle |
cyber defense visualization visual analytics knowledge discovery Justin M. Beavera Chad A. Steeda Robert M. Pattona Xiaohui Cuia Matthew Schultzb Visualization Techniques for Computer Network Defense |
topic_facet |
cyber defense visualization visual analytics knowledge discovery |
description |
Effective visual analysis of computer network defense (CND) information is challenging due to the volume and complexity of both the raw and analyzed network data. A typical CND is comprised of multiple niche intrusion detection tools, each of which performs network data analysis and produces a unique alerting output. The state-of-the-practice in the situational awareness of CND data is the prevalent use of custom-developed scripts by Information Technology (IT) professionals to retrieve, organize, and understand potential threat events. We propose a new visual analytics framework, called the Oak Ridge Cyber Analytics (ORCA) system, for CND data that allows an operator to interact with all detection tool outputs simultaneously. Aggregated alert events are presented in multiple coordinated views with timeline, cluster, and swarm model analysis displays. These displays are complemented with both supervised and semi-supervised machine learning classifiers. The intent of the visual analytics framework is to improve CND situational awareness, to enable an analyst to quickly navigate and analyze thousands of detected events, and to combine sophisticated data analysis techniques with interactive visualization such that patterns of anomalous activities may be more easily identified and investigated. |
author2 |
The Pennsylvania State University CiteSeerX Archives |
format |
Text |
author |
Justin M. Beavera Chad A. Steeda Robert M. Pattona Xiaohui Cuia Matthew Schultzb |
author_facet |
Justin M. Beavera Chad A. Steeda Robert M. Pattona Xiaohui Cuia Matthew Schultzb |
author_sort |
Justin M. Beavera |
title |
Visualization Techniques for Computer Network Defense |
title_short |
Visualization Techniques for Computer Network Defense |
title_full |
Visualization Techniques for Computer Network Defense |
title_fullStr |
Visualization Techniques for Computer Network Defense |
title_full_unstemmed |
Visualization Techniques for Computer Network Defense |
title_sort |
visualization techniques for computer network defense |
url |
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.471.5145 http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf |
genre |
Orca |
genre_facet |
Orca |
op_source |
http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf |
op_relation |
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.471.5145 http://cda.ornl.gov/publications_2011/Publication 29224_Beaver.pdf |
op_rights |
Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
_version_ |
1766161532912140288 |