Integrating visual analysis of network security and management of detection system configurations

Hellmann, Bastian; Ahlers, Volker; Rodosek, Gabi Dreo

doi:10.1109/idaacs.2017.8095240

Cited by 1 publication

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our previous work we presented a visual network analysis framework which allows the integration of data from different data sources as well as the visualization of historic data and network changes between two time instances [11] (and references therein). The software architecture and the data model rely on the Interface for Metadata Access Points (IF-MAP) specification [12].…”

Section: Visual Analysis and "What-if" Simulationmentioning

confidence: 99%

“…Within the graphical representation, the connection between the security event, the responsible policy elements and the processed input for the detection are explicitly shown, minimizing additional manual aggregation of these different sources of information. In a further step our framework allows to modify the rules of the detection policies and simulate the policy evaluation with the past network dynamics [11], thus providing a "what-if" functionality that allows the testing of policy changes, e. g., in order to reduce the number of false positive events.…”

Section: Visual Analysis and "What-if" Simulationmentioning

confidence: 99%

See 1 more Smart Citation

A User Study of the Visualization-Assisted Evaluation and Management of Network Security Detection Events and Policies

Ahlers

Hellmann

Rodosek

2019

2019 10th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applicat

Self Cite

View full text Add to dashboard Cite

Intrusion detection systems and other network security components detect security-relevant events based on policies consisting of rules. If an event turns out as a false alarm, the corresponding policy has to be adjusted in order to reduce the number of false positives. Modified policies, however, need to be tested before going into productive use. We present a visual analysis tool for the evaluation of security events and related policies which integrates data from different sources using the IF-MAP specification and provides a "what-if" simulation for testing modified policies on past network dynamics. In this paper, we will describe the design and outcome of a user study that will help us to evaluate our visual analysis tool.

show abstract

Section: Visual Analysis and "What-if" Simulationmentioning

confidence: 99%

Section: Visual Analysis and "What-if" Simulationmentioning

confidence: 99%