A user-centered look at glyph-based security visualization

A. Komlódi, Penny Rheingans, Utkarsha Ayachit, John R. Goodall, Amit Joshi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

35 Citations (Scopus)

Abstract

This paper presents the Intrusion Detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.

Original language: English
Title of host publication: IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings
Pages: 21-28
Number of pages: 8
DOIs: https://doi.org/10.1109/VIZSEC.2005.1532062
Publication status: Published - 2005
Event: IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05 - Minneapolis, MN, United States
Duration: Oct 26 2005 to Oct 26 2005

Other

Other: IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05
Country: United States
City: Minneapolis, MN
Period: 10/26/05 to 10/26/05

Fingerprint

Intrusion detection
Visualization
Display devices
Monitoring

Keywords

  • Glyphs
  • Information visualization
  • Intrusion detection
  • Multivariate display

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Komlódi, A., Rheingans, P., Ayachit, U., Goodall, J. R., & Joshi, A. (2005). A user-centered look at glyph-based security visualization. In IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings (pp. 21-28). [1532062] https://doi.org/10.1109/VIZSEC.2005.1532062

@inproceedings{125a6b187e9a4659af16575698ac83a4,
title = "A user-centered look at glyph-based security visualization",
abstract = "This paper presents the Intrusion Detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.",
keywords = "Glyphs, Information visualization, Intrusion detection, Multivariate display",
author = "A. Koml{\'o}di and Penny Rheingans and Utkarsha Ayachit and Goodall, {John R.} and Amit Joshi",
year = "2005",
doi = "10.1109/VIZSEC.2005.1532062",
language = "English",
isbn = "0780394771",
pages = "21--28",
booktitle = "IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings",

}

TY - GEN

T1 - A user-centered look at glyph-based security visualization

AU - Komlódi, A.

AU - Rheingans, Penny

AU - Ayachit, Utkarsha

AU - Goodall, John R.

AU - Joshi, Amit

PY - 2005

Y1 - 2005

N2 - This paper presents the Intrusion Detection toolkit (IDtk), an information visualization tool for intrusion detection (ID). IDtk was developed through a user-centered design process, in which we identified design guidelines to support ID users. ID analysts protect their networks by searching for evidence of attacks in ID system output, firewall and system logs, and other complex, textual data sources. Monitoring and analyzing these sources incurs a heavy cognitive load for analysts. The use of information visualization techniques offers a valuable addition to the toolkit of the ID analyst. Several visualization techniques for ID have been developed, but few usability or field studies have been completed to assess the needs of ID analysts and the usability and usefulness of these tools. We intended to fill this gap by applying a user-centered design process in the development and evaluation of IDtk, a 3D, glyph-based visualization tool that gives the user maximum flexibility in setting up how the visualization display represents ID data. The user can also customize whether the display is a simple, high-level overview to support monitoring, or a more complex 3D view allowing for viewing the data from multiple angles and thus supporting analysis and diagnosis. This flexibility was found crucial in our usability evaluation. In addition to describing the tool, we report the findings of our user evaluation and propose new guidelines for the design of information visualization tools for ID.

KW - Glyphs

KW - Information visualization

KW - Intrusion detection

KW - Multivariate display

UR - http://www.scopus.com/inward/record.url?scp=33749533756&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33749533756&partnerID=8YFLogxK

U2 - 10.1109/VIZSEC.2005.1532062

DO - 10.1109/VIZSEC.2005.1532062

M3 - Conference contribution

AN - SCOPUS:33749533756

SN - 0780394771

SN - 9780780394773

SP - 21

EP - 28

BT - IEEE Workshop on Visualization for Computer Security 2005, VizSEC 05, Proceedings

ER -