ISBN (digital): 9783540782438
ISBN (print): 9783540782421
Attack graphs for large enterprise networks improve security by revealing critical paths used by adversaries to capture network assets. Even with simplification, current attack graph displays are complex and difficult to relate to the underlying physical networks. We have developed a new interactive tool intended to provide a simplified and more intuitive understanding of key weaknesses discovered by attack graph analysis. Separate treemaps are used to display host groups in each subnet and hosts within each treemap are grouped based on reachability, attacker privilege level, and prerequisites. Users position subnets themselves to reflect their own intuitive grasp of network topology. Users can also single-step the attack graph to successively add edges that cascade to show how attackers progress through a network and learn what vulnerabilities or trust relationships allow critical steps. Finally, an integrated reachability display demonstrates how filtering devices affect host-to-host network reachability and influence attacker actions. This display scales to networks with thousands of hosts and many subnets. Rapid interactivity has been achieved because of an efficient C++ computation engine (a program named NetSPA) that performs attack graph and reachability computations, while a Java application manages the display and user interface.
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
VisAlert is a visualization system designed to increase the monitoring and correlation capabilities of computer network analysts engaged in intrusion detection and prevention. VisAlert facilitates and promotes situational awareness in complex network environments by providing the user with a holistic view of network security to aid in the detection of sophisticated and malicious activities, and the ability to zoom in and out on information of interest. The system provides a mechanism to access data from multiple databases, and to correlate who, what, when and where. This chapter describes the design process that enabled the team to go from the conception of rough visual sketches to the implementation and deployment of finished software. In addition, the chapter describes the issues that the interdisciplinary team had to address to carry the project from idea to product.
ISBN (digital): 9783540782438
ISBN (print): 9783540782421
This article proposes to go beyond the standard visualization application for security management, which is usually day-to-day monitoring. For this purpose, it introduces a pyramidal vision of the network intelligence and of the respective role of information visualization to support not only security engineers, but also analysts and managers. The paper first introduces our holistic vision and discusses the need to reduce the complexity of network data in order to abstract analysis and trends over time and further to convert decisions into actions. The article further introduces the analysis tasks we are currently tackling. The two following sections present two different ways to overview network data concentrating on specific dimensions of network security: user and application centric firstly, and alarm and temporal centric secondly. Finally, this article concludes with the limitations and challenges introduced by our approach.
ISBN (digital): 9783540708230
ISBN (print): 9783540708223
Enabling insight into large and complex datasets is a prevalent theme in visualization research for which different approaches are pursued. Topology-based methods are built on the idea of abstracting characteristic structures such as the topological skeleton from the data and constructing the visualizations accordingly. There are currently new demands for and renewed interest in topology-based visualization solutions. This book presents 13 peer-reviewed papers as written results from the 2005 workshop Topology-Based Methods in Visualization that was initiated to enable additional stimulation in this field. It contains a longer chapter dedicated to a survey of the state-of-the-art, as well as a great deal of original work by leading experts that has not been published before, spanning both theory and applications. It captures key concepts and novel ideas and serves as an overview of current trends in topology-based visualization research.
ISBN (print): 354033274X
This paper presents a new algorithm for computing the intersection of a rational revolution surface or a canal surface, given in parametric or implicit form, and another surface given in parametric form. The problem is reduced to finding the zero set of a bivariate equation which represents the parameter values of the intersection curve, as a subset of one of the surfaces. The algorithm involves both symbolic and numerical computations, and follows three steps: implicitization of the first surface, determination of the topology of the intersection curve, and computation of the curve. The algorithm applies equally well to any other type of surfaces whose parametric equations can be reduced to a set of two equations with only one parameter.