VISNU: A Novel Visualization Methodology of Security Events Optimized for a Centralized SOC

Intrusion detection system(IDS) is one of the most powerful security devices in order to monitor cyber threats happening on the network. Since IDS raises an extremely large number of alerts (hereafter refered to as 'security events'), security experts are unable to analyze all of them in real time. To make matters worse, most of IDS provide only text-based information for the security events. In order to cope with this limitation, many approaches have been proposed on visualizing the security events. Since the existing visualization approaches focus on only a single organization, in many cases, they are not suitable for a centralized security operation center (CSOC) which is in charging of monitoring many organizations. In this paper, we propose a novel visualization VISualization system for finding out Network based Underneath attacks (VISNU) which can help security experts of the CSOC to analyze the security events more effectively. To this end, the VISNU classifies the security events according to each organization and displays them based on both real time and accumulated information such as the appreance patterns and their history, etc. The experimental results demonstrated that it is very useful for finding out an abnormal activites from the security events and provides better understandings and insights for analyzing them.

• Publication year

  2018

• Venue

  Asia Joint Conference on Information Security

• Publication date

  2018-08-01

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1109/AsiaJCIS.2018.00010
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• An Advanced Security Event Visualization Method for Identifying Real Cyber Attacks

  2017cited by this paper
• Visualization of actionable knowledge to mitigate DRDoS attacks

  2016cited by this paper
• Visual analytics for cyber red teaming

  2015cited by this paper
• Ensemble visualization for cyber situation awareness of network security data

  2015cited by this paper
• Cylindrical Coordinates Security Visualization for multiple domain command and control botnet detection

  2014cited by this paper
• Multiple queries with conditional attributes (QCATs) for anomaly detection and visualization

  2014cited by this paper
• A Study of a New Visualization IDS from Macro and Micro View

  2014cited by this paper
• Visual analytics for network security

  2012cited by this paper
• A Survey of Visualization Systems for Network Security

  2012cited by this paper
• DAEDALUS-VIZ: novel real-time 3D visualization for darknet monitoring-based alert system

  2012cited by this paper
• IDS Alert Visualization and Monitoring through Heuristic Host Selection

  2010cited by this paper
• Alerts Analysis and Visualization in Network-based Intrusion Detection Systems

  2010cited by this paper
• Introduction to Visualization for Computer Security

  2007cited by this paper
• Hierarchical Visualization of Network Intrusion Detection Data

  2006cited by this paper
• IPMatrix: an effective visualization framework for cyber threat monitoring

  2005cited by this paper
• PCAV: Internet Attack Visualization on Parallel Coordinates

  2005cited by this paper
• A visualization paradigm for network intrusion detection

  2005cited by this paper
• Visual correlation for situational awareness

  2005cited by this paper
• IDS rainStorm: visualizing IDS alarms

  2005influential reference
• SnortView: visualization system of snort logs

  2004cited by this paper

• Empowering Security Operation Center With Artificial Intelligence and Machine Learning—A Systematic Literature Review

  2025cites this paper
• Clustering and Visualization of Network Security-Related Data using Elastic Stack

  2023cites this paper
• Cyber Security Operations Centre Concepts and Implementation

  2020cites this paper
• Security Operations Center: A Systematic Study and Open Challenges

  2020cites this paper
• VKE: a Visual Analytics Tool for CyberSecurity Data

  2019cites this paper
• Challenges and performance metrics for security operations center analysts: a systematic review

  2019cites this paper