Workshop on Statistical and Machine
Learning Techniques in Computer
Intrusion Detection
Review of Information Visualization in Networking
Stefano Foresti and Jim Agutter
Abstract:
Information Visualization (InfoVis) is an emerging field addressing visual
representations of abstract information. Because of the overabundance of
data in every corner of our society, information visualization is researched
in many fields, but the projects tend to be scattered and lack synergy
from one application to another.
We have made the following observations in the cybersecurity
world:
- intrusion detection research is focused around the use of data mining
and statistical methods to identify signatures in data logs;
- thousands of network engineers are handling problems (including intrusion
detection) in the network they administer, but their knowledge is not
formally codified;
- higher-level decision makers care about network events in the context of
their mission and plan, but have different priorities with respect to the
resolutions by analysts and administrators.
These roles and information spaces are loosely connected, while the mission,
plans and activities of organizations as well as cyberattackers are dynamic
and evolve very rapidly.
We believe that in order to improve situation awareness and decision making
toward a dynamic and predictive environment, there is a need to address the
following activities with an interdisciplinary and integrative approach:
- extract available heuristic knowledge from the different types of experts;
- aggregate working methodologies, algorithms and procedures;
- codify the distributed knowledge to feed users' decision support systems;
- address the different needs of the user, and their context, mission
and expertise;
- design audio-visual displays targeted to such users and their evolving
requirements.
For the past six years, our interdisciplinary team (Center for the
Representation of Multi-Dimensional Information, University of Utah,
www.cromdi.utah.edu) has developed a new data representation paradigm
to respond to complex information problems in Anesthesiology, Finance
and Defense. CROMDI's methodology integrates distinct advances in
cognitive psychology, audio-visual design and computer visualization with
heuristic knowledge from domain experts, to support the development
of audio-visual displays for users.
This presentation will:
- distinguish the different objectives of information visualization,
- review and discuss visualizations and research in networking,
- overview the interdisciplinary design method with examples.