Integrated visualization of network security metadata from heterogeneous data sources

Abstract

In computer networks many components produce valuable information about themselves or other participants, especially security analysis relevant information. Although such information is intrinsically related as components are connected by a network, most of them still operate independently and do not share data amongst each other. Furthermore, the highly dynamic nature of a network hampers a profound understanding of security relevant situations, such as attack scenarios. Hence, a comprehensive view of the network including multiple information sources as well as temporal network evolution would significantly improve security analysis and evaluation capabilities. In this paper, we introduce a comprehensive approach for an integrated visualization, covering all aspects from data acquisition in various sources up to visual representation of the integrated information. We analyze the requirements on the basis of an exemplary scenario, propose solutions covering these demands based on the IF-MAP protocol, and introduce our software application VisITMeta as a prototypical implementation. We show how the graph-based IF-MAP protocol provides a graphical model for an integrated view of network security.