Evaluate the effectiveness of Threat identification and Attack detection through Security Visualization

Abstract

As networks become more complex, intrusion attempts, and possible attacks are constantly increased exponentially. Textual analysis of log files through conventional methods presently insufficient to provide a well-secured network environment or a system. Security information can be presented visually as well as in textual form using graphical visualization. A comprehensive analysis of existing visualization tools is needed to assist network security and security visualization product designers to recognize shortcomings in their products under various circumstances. Moreover, guidelines for existing visualization tools are needed to gain the effective usage of existing security visualization tools. In this study, the author has empirically analyzed the effectiveness of existing security visualization tools by examining the usage of chosen visualization tools. Experiments were performed under several scenarios which formulate a better understanding of behaviors of security visualization tools on security breaches of a computer system and network environment and for identification of reconnaissance attempts throughout the study. The experimental results revealed design issues specific to each chosen visualization tools. Meanwhile the author discussed the behaviors of security visualization tools from the perspective of design issues for instance visual primitives, user interaction, security analysis tasks, etc. with supporting literature. Finally, based on this study, the author has attempted to provide useful guidelines as recommendations in order to assist in designing feature-rich security visualization tools with their existing features and techniques.