Putting Security in Context: Visual Correlation of Network Activity with Real-World Information

To effectively identify and respond to cyber threats, computer security analysts must understand the scale, motivation, methods, source, and target of an attack. Central to developing this situational awareness is the analyst’s world knowledge that puts these attributes in context. What known exploits or new vulnerabilities might an anomalous traffic pattern suggest? What organizational, social, or geopolitical events help forecast or explain attacks and anomalies? Few visualization tools support creating, maintaining, and applying this knowledge of the threat landscape. Through a series of formative workshops with practicing security analysts, we have developed a visualization approach inspired by the human process of contextualization; this system, called NUANCE, creates evolving behavioral models of network actors at organizational and regional levels, continuously monitors external textual information sources for themes that indicate security threats, and automatically determines if behavior indicative of those threats is present on a network.

Authors and Affiliations

1. Pacific Northwest National Laboratory, MSIN K7-28, P.O. Box 999, Richland, WA, 99352, USA

   W. A. Pike, C. Scherrer & S. Zabriskie

Editors and Affiliations

1. Secure Decisions Division, Applied Vision, Inc., 6 Bayview Ave., Northport, NY, 11768, USA

   John R. Goodall

2. Department of Electrical Engineering and Computer Science, United States Military Academy, West Point, NY, 10996, USA

   Gregory Conti

3. Department of Computer Science, University of California, One Shields Avenue, Davis, CA, 95616, USA

   Kwan-Liu Ma

Reprints and permissions

© 2008 Springer-Verlag Berlin Heidelberg

Policies and ethics