Introduction To Visualization For Computer Security Ornl-Books Pdf

Introduction to Visualization for Computer Security ORNL
28 May 2020 | 22 views | 0 downloads | 17 Pages | 564.54 KB

Transcription

John R. Goodall

In the two decades since Stoll's investigation, computer security has become an overriding concern of all types of organizations. New systems and protocols have been developed and adopted to prevent and detect network intruders. But even with these advances, the central feature of Stoll's story has not changed: humans are still crucial in the computer security process. Administrators must be willing to patiently observe and collect data on potential intruders. They need to think quickly and creatively. They collaborate and coordinate their actions with colleagues. Humans are still as central to computer security today as they were twenty years ago. Technologies have evolved and many security processes have been automated, but the analytic capabilities and creativity of humans are paramount in many security-related practices, particularly in intrusion detection, the focus of this chapter. Because of this, not all security work should be, or can be, automated. Humans are, and should be, central to security practice. This central feature of computer security is at the core of visualization for computer security (VizSec).

Many things have changed since Stoll's time. In conjunction with the rapid growth of the Internet and increased organizational dependence on networked information technology, the frequency and severity of network-based attacks has increased drastically (Allen et al. 1999). At the same time, there is an inverse relationship between the decreasing expertise required to execute attacks and the increasing sophistication of those attacks: less skill is needed to do more damage (McHugh 2001). As we have come more and more to rely on the ability to network computers and access information online, attacks are becoming more pervasive, easier to carry out, and more destructive.

Despite this increasing threat and concerted efforts on preventative security measures, vulnerabilities remain. The reasons for these include programming errors, design flaws in foundational protocols, and the insider abuse problem of legitimate users misusing their privileges (Lee et al. 2000). While it is theoretically possible to remove all security vulnerabilities through formal methods and better engineering practices, practically it remains infeasible (Hofmeyr et al. 1998). Thus, even as security technologies and practices improve, the threat to network infrastructures.

Automated systems to combat this threat are one potential solution, but most automated systems require vigilant human oversight. This automated approach undervalues the strong analytic capabilities of humans. While automation affords opportunities for increased scalability, humans provide the ability to handle exceptions and novel patterns. A technical report on intrusion detection technologies noted that while security vendors attempt to fully automate intrusion diagnosis, a more realistic approach is to involve the human in the diagnostic loop: computers can process large amounts of data, but cannot match humans' analytic skills (Allen et al. 1999).

Humans excel at recognizing novel patterns in complex data, and computer security support tools should integrate these intricate sense-making capabilities of the human analyst with the ability of technology to process vast quantities of data. In order to effectively support human analysts and keep them in the diagnostic loop, it is necessary to fully comprehend the work security analysts do, how they do it, and how their work processes can be improved by taking advantage of the inherent strengths of both technology and humans.

One method to counteracting this ever-increasing threat is to provide the human security analysts with better tools to discover patterns, detect anomalies, identify correlations, and communicate their findings. This is what visualization for computer security (VizSec) researchers and developers are doing. VizSec is about putting robust information visualization tools into the hands of humans to take advantage of the power of the human perceptual and cognitive processes in solving computer security problems.

2 Information Visualization

Because of the vast amounts of data analysts work with, the need to recognize patterns and anomalies, and the importance of keeping humans in the loop, information visualization shows great potential for supporting computer security work. Put simply, information visualization turns data into interactive graphical displays. Information visualization takes advantage of the highest bandwidth human input device, vision, and human perceptual capabilities. Information visualization can be used for exploration, discovery, decision making, and to communicate complex ideas to.

Information visualization is distinct from the broader field of data graphics. Information visualization is interactive: the user will have tools to adjust the display in order to gain a more meaningful understanding of the data being presented. Unlike scientific visualization, which is concerned with representing physically based data, such as the human body, molecules, or geography, information visualization represents abstract data; to do so often requires creativity on the designer's part, since there is no existing structure to map the data to the graphical display. This is one of the inherent problems in developing an effective information visualization: mapping the data spatially in a meaningful manner. At the core of information visualization is the goal of amplifying cognition, the intellectual processes in which information is obtained, transformed, stored, retrieved, and used (Card 2003). Information visualization is able to augment cognition by taking advantage of human perceptual capabilities.

Information visualization involves the use of computer-supported visual representations of abstract data to amplify cognition by taking advantage of human perceptual capabilities (Card et al. 1999). Card, Mackinlay, and Shneiderman (1999) propose six ways that information visualization can amplify cognition: (1) increased resources, (2) reduced search, (3) enhanced recognition of patterns, (4) enabling perceptual inference, (5) using perceptual monitoring, and (6) encoding information in a manipulable medium. Visualization increases memory and processing resources by permitting parallel processing of data and offloading work from the cognitive to perceptual memory. Graphical information displays can often be processed in parallel, as opposed to textual displays, which are processed serially. Visualization shifts the cognitive processing burden to the human perceptual system, which can expand working memory and the storage of information. Information visualization reduces the processes of searching by grouping information together in a small, dense space. Pattern recognition, one of the key elements in recognizing intrusion detections, is another of the benefits of visualization, which emphasizes recognition rather than recall, another way in which working memory is expanded. Visual representations can often make an anomaly obvious to the user by taking advantage of human perceptual inference and monitoring abilities. Finally, information visualization encodes the data in a manipulable form that permits the user to browse and explore the data.

Fig. 1 A treemap visualization of the source code for the prefuse visualization toolkit, showing the hierarchy of the code as it is organized into packages, where each node represents a source code file, and the size of nodes shows the file size and color the last modified date.

One of the most successful examples of an information visualization technique is the treemap. The original treemap layout was designed by Ben Shneiderman to effectively use display space when visualizing a hard drive's files and their attributes, such as file size and type (Shneiderman 1992). The treemap was a recursive algorithm that split the display space into rectangles, alternating in horizontal and vertical directions. The size and the color of the leaf node rectangles can encode attributes of the data. In the original implementation, visualizing a computer disk, color represented file type and size represented file size. An example application of a treemap is an alternative method of viewing software source code, as shown in Fig. 1. In this example, nodes represent source code files organized into their package hierarchy. Color is used to show the file's last modification time, with green hues being more recently modified. Treemap visualizations have been adapted to many different applications of understanding hierarchical data, such as newsgroup activity, stock market performance, election results, and sports statistics. For a history of treemaps and their many applications by Ben Shneiderman, see Shneiderman.

Fig. 2 The FilmFinder information visualization application, combining a starfield display with dynamic queries. © 1994 ACM, Inc. Included here by permission.

FilmFinder, shown in Fig. 2, is an early example of an information visualization that highlights the importance of interaction (Ahlberg and Shneiderman 1994). FilmFinder combines a starfield display (a scatterplot where each data item is represented by a point) with dynamic queries, so that the display is continuously updated as the user filters to refine the selection. This is an excellent example of the importance of interaction in information visualization. The display itself is fairly simple: time is plotted on the x axis and ratings on the y axis, with color coded to genre. But the dynamic queries, through sliders and other widgets, prevent user errors and instantly show the results of complex queries. The system is an exemplar of the Visual Information Seeking Mantra: "Overview First, Zoom and Filter, then Details on Demand" (Shneiderman 1996). This approach encourages exploration and understanding of the data set as a whole, while providing a method for drilling down to the actual data details. Many of the VizSec systems described below follow this methodology.

3 Visualization for Computer Network Defense

There are many potential applications of information visualization to the problems of computer security, including:

- Visualization for detecting anomalous activity
- Visualization for discovering trends and patterns
- Visualization for correlating intrusion detection events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for seeing worm propagation or botnet activity
- Visualization for forensic analysis
- Visualization for understanding the makeup of malware or viruses
- Visualization for feature selection and rule generation
- Visualization for communicating the operation of security algorithms

This is a non-exhaustive list of the kinds of tasks that VizSec tools can be designed to support. Because networks and the Internet are so important to the operations of today's organizations, and since the network is the source of most computer-based attacks, the majority of VizSec research has targeted supporting the tasks associated with the defense of enterprise networks from outside attack or insider abuse. This section will focus on the data sources and results of the research into visualization for computer network defense (CND).

3.1 Data Sources for Computer Network Defense

The research of VizSec for computer network defense can be organized according to the level of networking data to be visualized. At the base, most raw level is a network packet trace. A packet consists of the TCP/IP header, which defines how a packet gets from point A to point B, and payload data, the contents of the packet. At a higher level of abstraction is a network flow. Originally developed for accounting purposes, network flows have been increasingly used for computer security applications. A flow is an aggregated record of the communications between two distinct machines. A flow is typically defined by the source and destination Internet Protocol addresses, the source and destination ports, and the protocol. Flows are much more compact than packet traces, but sacrifice details and have no payload data. At a higher level of abstraction are automated systems that reduce network data to information, such as an intrusion detection system (IDS). An IDS examines network traffic and automatically generates alerts of suspicious activity. All three of these levels operate on the enterprise network level. At a finer level of granularity is the visualization of data about individual computer systems or applications, and at a higher level is the visualization of data about the Internet.

The remainder of this section will describe a selection of VizSec research that targets the enterprise network level, which is generally the focus of CND.

3.2 VizSec to support Computer Network Defense

This section presents representative visualization research projects for each of the levels of enterprise network security. The examples presented here each solve an important problem: Rumint facilitates the understanding of packet payloads; tnv allows analysts to move from a high-level overview of packet activity to raw details; NVisionIP enables analysts to use visualization to create automation rules; FlowTag assists collaboration and sharing through tagging of data; VisAlert enables the in
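
The step from packet trace to network flow described in section 3.1, as an added example that is not code from the chapter: constructed packet records are reduced to flow records keyed on source and destination address, source and destination port, and protocol. The sample packets, the record field names and the `idle_timeout` parameter are assumptions of this example.

```python
from collections import namedtuple

# Constructed sample packet records (not from the chapter): header fields plus payload.
Packet = namedtuple("Packet", "ts src dst sport dport proto payload")

PACKETS = [
    Packet(0.00, "10.0.0.5", "192.0.2.10", 40000, 80, "TCP", b"GET / HTTP/1.1\r\n"),
    Packet(0.05, "192.0.2.10", "10.0.0.5", 80, 40000, "TCP", b"HTTP/1.1 200 OK\r\n"),
    Packet(0.10, "10.0.0.5", "192.0.2.10", 40000, 80, "TCP", b"GET /a HTTP/1.1\r\n"),
    Packet(0.20, "10.0.0.7", "192.0.2.53", 5353, 53, "UDP", b"\x12\x34query"),
    Packet(90.0, "10.0.0.5", "192.0.2.10", 40000, 80, "TCP", b"GET /b HTTP/1.1\r\n"),
]


def aggregate_flows(packets, idle_timeout=60.0):
    """Reduce packets to flow records keyed on the 5-tuple.

    Each direction of a conversation is its own flow. idle_timeout is an
    assumption of this example: a silence longer than this closes the flow
    and a later packet with the same 5-tuple starts a new one.
    """
    active = {}    # 5-tuple -> flow record still being updated
    finished = []  # flows closed by the idle timeout
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = (p.src, p.dst, p.sport, p.dport, p.proto)
        flow = active.get(key)
        if flow is not None and p.ts - flow["last"] > idle_timeout:
            finished.append(active.pop(key))
            flow = None
        if flow is None:
            flow = active[key] = {"key": key, "first": p.ts, "last": p.ts,
                                  "packets": 0, "bytes": 0}
        flow["last"] = p.ts
        flow["packets"] += 1
        flow["bytes"] += len(p.payload)  # only the size survives; the payload is dropped
    return sorted(finished + list(active.values()), key=lambda f: f["first"])


if __name__ == "__main__":
    for record in aggregate_flows(PACKETS):
        print(record)
```

The flow records keep counts, byte totals and timestamps but nothing of the packet contents, which is the trade-off the section names: more compact, no payload.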
