A Scalable Aural-Visual Environment for Security Event Monitoring, Analysis, and Response

  • Conference paper
Advances in Visual Computing (ISVC 2007)

Part of the book series: Lecture Notes in Computer Science (LNIP, volume 4841)

Abstract

Intrusion detection systems gather large quantities of host and network information in an attempt to detect and respond to attacks against an organization. The widely varying nature of attacks makes humans essential for analysis, but the sheer volume of data can quickly overwhelm even experienced analysts. Existing approaches utilize visualization to provide rapidly comprehensible representations of the data, but fail to scale to real-world environments due to unrealistic data handling and lack of response facilities. This paper introduces a new tool for security event monitoring, analysis, and response called Savors. Savors provides suitable scalability by utilizing three additional areas of computing. High-end computing brings large amounts of on-demand processing to bear on the problem. Auralization allows both monitoring and analysis to be performed in parallel. Finally, grid computing provides the basis for remote data access and response capabilities with seamless and secure access to organization resources.

This work is supported by the NASA Advanced Supercomputing Division under Task Order NNA05AC20T (Contract GS-09F-00282) with Advanced Management Technology Inc.

Editor information

George Bebis Richard Boyle Bahram Parvin Darko Koracin Nikos Paragios Syeda-Mahmood Tanveer Tao Ju Zicheng Liu Sabine Coquillart Carolina Cruz-Neira Torsten Müller Tom Malzbender

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kolano, P.Z. (2007). A Scalable Aural-Visual Environment for Security Event Monitoring, Analysis, and Response. In: Bebis, G., et al. Advances in Visual Computing. ISVC 2007. Lecture Notes in Computer Science, vol 4841. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76858-6_55

  • DOI: https://doi.org/10.1007/978-3-540-76858-6_55

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76857-9

  • Online ISBN: 978-3-540-76858-6
