2006
DOI: 10.1109/mcg.2006.30
Countering security information overload through alert and packet visualization

Cited by 35 publications
(22 citation statements)
References 8 publications

Citation statements:

“…In terms of case studies, the IDS Rainstorm [8] and MieLog systems [25] focus on time series log data that share similar characteristics with the Travelport data. IDS Rainstorm uses visualizations to help network system administrators analyze massive amounts of alarm data generated from intrusion detection systems.…”
Section: Related Work | Citation type: mentioning | Confidence: 99%
“…However, today's highly distributed attacks and excessive Internet background radiation [15] make it difficult to use standard visualization tools to their full potential. Conti et al. [4,6] discuss visualization systems which filter data but leave it up to the analyst to select which records to display. The prefiltering phase involves removing unwanted fields from flows or formatting the data; it does not automatically remove any full flows.…”
Section: Related Work | Citation type: mentioning | Confidence: 99%
“…Visual representation of network data, as opposed to textual representation, can help in analyzing a vast amount of data more quickly [4]. It takes humans much less time to recognize specific information or patterns in a picture than to detect the same in text.…”
Section: Introduction | Citation type: mentioning | Confidence: 99%
“…The task of making sense of these data files is considerable, and can lead to cognitive overload, even amongst seasoned analysts [5]. Clearly an "information gap" exists between the data produced and the information needed by the analyst to make timely, informed decisions [6].…”
Section: Introduction | Citation type: mentioning | Confidence: 99%
“…To reliably perform such a task on a log file consisting of thousands of events is beyond the capabilities of most human beings. Statistical analysis and filtering methods are therefore extensively employed amongst IDS operators [5] to make sense of the data. The user may assemble an SQL query or a sequence of Unix commands to discover which host received the most attacks in a given period, or to isolate all alerts for a given attack type.…”
Section: Introduction | Citation type: mentioning | Confidence: 99%