To effectively identify and respond to cyber threats, computer security analysts must understand the scale, motivation, methods, source, and target of an attack. Central to developing this situational awareness is the analyst's world knowledge that puts these attributes in context. What known exploits or new vulnerabilities might an anomalous traffic pattern suggest? What organizational, social, or geopolitical events help forecast or explain attacks and anomalies? Few visualization tools support creating, maintaining, and applying this knowledge of the threat landscape. Through a series of formative workshops with practicing security analysts, we have developed a visualization approach inspired by the human process of contextualization; this system, called NUANCE, creates evolving behavioral models of network actors at organizational and regional levels, continuously monitors external textual information sources for themes that indicate security threats, and automatically determines if behavior indicative of those threats is present on a network. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Pike, W. A., Scherrer, C., & Zabriskie, S. (2008). Putting security in context: Visual correlation of network activity with real-world information. In Mathematics and Visualization (pp. 203–220). springer berlin. https://doi.org/10.1007/978-3-540-78243-8_14
Mendeley helps you to discover research relevant for your work.