Design and development of a visualisation framework
Generally, in terms of network security, the effectiveness of the
methods developed depends on collecting and storing as much data as
possible about a network. This leads to a situation where vast
quantities of information are available, but not in a form that is
easily accessible to a human analyst. The need for effective visualisation
techniques is discussed at great length in [26], “to enable the
analysis of overwhelming amounts of disparate, conflicting and dynamic
information to identify and prevent emerging threats…”. A European take
on visual analytics, from a workshop organised by the
Fraunhofer-Institute for Computer Graphics (IGD) and the University of
Konstanz in cooperation with DG INFSO F5 Unit "Security", is given in a
white paper [27]. This summarises the goals of research in visual
analytics as to: “analyse the data and distil relevant task-oriented
information from it, and present this information by using visual and
interactive means such that the human user can make the most of it in
the shortest time and with the least effort.” Both publications
highlight the need for further research and development of techniques
for visual analytics.
In terms of network security, these visualisations could be used in two
ways: (1) to enable an analyst to detect that an attack is underway; or
(2) once an attack or intrusion has been detected automatically, to
enable fast, accurate analysis of the type of attack, so that more
effective counter-measures can be implemented.
Various research activities have been undertaken in visual analytics
for network security (for example [28, 29, 30]); however, most tend to
focus on a specific visualisation with a niche purpose. In addition,
some tools for network security visualisation have been developed, such
as Tudumi, Open e-Security and VizFlowConnect-IP. These tend to provide
particular visualisations for one aspect of network security and are
not able to adapt to a changing threat. More general approaches to
visualisation, such as OpenDX, ADVIZOR and Spotfire, would not be
immediately suitable for the real-time monitoring of networks, but may
provide useful insights into visualisation systems.
We propose to explore various visualisation techniques and develop a
visualisation framework. The framework will enable an adaptable system
so that visualisations can be dynamically changed and customised in
real-time to allow for the most effective technique to be used at any
one time. This will provide resilience to the ever-changing threats to
network security.
The importance of the appropriateness of the visualisation is
emphasised by Tufte [31] who describes how an inappropriate
visualisation can lead to the wrong conclusions being drawn from the
data. To this end, visualisations will be properly validated using
task-based evaluation to examine how quickly and accurately an expert
can gain insight into the data from each type of visualisation.
References
[26] J. J. Thomas and K. A. Cook (Editors), “Illuminating the Path: The Research and Development Agenda for Visual Analytics”, The National Visualization and Analytics Center, August 2005, available at http://nvac.pnl.gov/agenda.stm
[27] J. Kohlhammer, D. Keim et al., “Visual Analytics: Mastering the Information Age”, white paper, March 2007, available at http://www.igd.fraunhofer.de/igd-a3/downloads/VA/Whitepaper_Visual_Analytics.pdf
[28] J. Tolle and O. Niggemann, “Supporting Intrusion Detection by Graph Clustering and Graph Drawing”, Symposium on Recent Advances in Intrusion Detection (RAID), 2000
[29] P. Hertzog, “Visualizations to Improve Reactivity Towards Security Incidents Inside Corporate Networks”, 3rd International Workshop on Visualization for Computer Security (VizSEC'06), Fairfax, Virginia, USA, November 2006
[30] S. Mathew, R. Giomundo, S. Upadhyaya, M. Sudit and A. Stotz, “Understanding Multistage Attacks by Attack-Track Based Visualization of Heterogeneous Event Streams”, 3rd International Workshop on Visualization for Computer Security (VizSEC'06), Fairfax, Virginia, USA, November 2006
[31] E. R. Tufte, “Visual Explanations: Images and Quantities, Evidence and Narrative”, Second Edition, Graphics Press, Cheshire, Connecticut, 2001