Interactive Detection of Network Anomalies via Coordinated Multiple Views

Lane Harrison
March 24, 2011 - 12:30 PM
Woodward 130
Security visualization involves the use of visualization methods to augment existing security infrastructures, often related to the security of computer networks and individual systems. Security analysts have found that algorithms derived from spectral theory have been useful in the areas of network monitoring and intrusion detection. However, these algorithms require proper parameterization in order to ensure that their outputs contain useful information. Furthermore, such algorithms remain difficult for analysts to understand and parameterize due to their complexity and the dynamic/noisy nature of data generated by networks. We have found that visualization can be used to mitigate these challenges. This talk will introduce the area of security visualization, and cover in-depth an approach that integrates spectral algorithms with visualization techniques which facilitate parameterization in order to detect malicious nodes in a network.