A user-centered approach to visualizing network traffic for intrusion detection

John R. Goodall, A. Ant Ozok, Wayne G. Lutters, Penny Rheingans, A. Komlódi

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

17 Citations (Scopus)

Abstract

Intrusion detection (ID) analysts are charged with ensuring the safety and integrity of today's high-speed computer networks. Their work includes the complex task of searching for indications of attacks and misuse in vast amounts of network data. Although there are several information visualization tools to support ID, few are grounded in a thorough understanding of the work ID analysts perform or include any empirical evaluation. We present a user-centered visualization based on our understanding of the work of ID and the needs of analysts derived from the first significant user study of ID. The tool presents analysts with both 'at a glance' understanding of network activity, and low-level network link details. Results from preliminary usability testing show that users performed better and found easier those tasks dealing with network state in comparison to network link tasks.

Original language: English
Title of host publication: Conference on Human Factors in Computing Systems - Proceedings
Pages: 1403-1406
Number of pages: 4
DOIs: https://doi.org/10.1145/1056808.1056927
Publication status: Published - 2005
Event: Conference on Human Factors in Computing Systems, CHI EA 2005 - Portland, OR, United States
Duration: Apr 2 2005 to Apr 7 2005

Other

Other: Conference on Human Factors in Computing Systems, CHI EA 2005
Country: United States
City: Portland, OR
Period: 4/2/05 to 4/7/05

Fingerprint

Intrusion detection
Visualization
Computer networks
Testing

Keywords

  • Information visualization
  • Intrusion detection
  • Network security
  • Usability testing
  • User-centered design

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Graphics and Computer-Aided Design
  • Software

Cite this

Goodall, J. R., Ozok, A. A., Lutters, W. G., Rheingans, P., & Komlódi, A. (2005). A user-centered approach to visualizing network traffic for intrusion detection. In Conference on Human Factors in Computing Systems - Proceedings (pp. 1403-1406) https://doi.org/10.1145/1056808.1056927

@inproceedings{38f21a568279402f902e15e234eb2063,
title = "A user-centered approach to visualizing network traffic for intrusion detection",
abstract = "Intrusion detection (ID) analysts are charged with ensuring the safety and integrity of today's high-speed computer networks. Their work includes the complex task of searching for indications of attacks and misuse in vast amounts of network data. Although there are several information visualization tools to support ID, few are grounded in a thorough understanding of the work ID analysts perform or include any empirical evaluation. We present a user-centered visualization based on our understanding of the work of ID and the needs of analysts derived from the first significant user study of ID. The tool presents analysts with both 'at a glance' understanding of network activity, and low-level network link details. Results from preliminary usability testing show that users performed better and found easier those tasks dealing with network state in comparison to network link tasks.",
keywords = "Information visualization, Intrusion detection, Network security, Usability testing, User-centered design",
author = "Goodall, {John R.} and Ozok, {A. Ant} and Lutters, {Wayne G.} and Penny Rheingans and A. Koml{\'o}di",
year = "2005",
doi = "10.1145/1056808.1056927",
language = "English",
isbn = "1595930027",
pages = "1403--1406",
booktitle = "Conference on Human Factors in Computing Systems - Proceedings",

}
