A User Study of the Visualization-Assisted Evaluation and Management of Network Security Detection Events and Policies
Saved in:
| Title: | A User Study of the Visualization-Assisted Evaluation and Management of Network Security Detection Events and Policies |
|---|---|
| Authors: | Ahlers, Volker, Hellmann, Bastian, Dreo Rodosek, Gabi |
| Source: | 2019 10th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). :668-673 |
| Publisher Information: | IEEE, 2019. |
| Publication Year: | 2019 |
| Subject Terms: | Rechnernetz, Computersicherheit, Benutzeroberfläche, 0202 electrical engineering, electronic engineering, information engineering, 02 engineering and technology, ddc:004, Visualisierung, 004 Informatik |
| Description: | Intrusion detection systems and other network security components detect security-relevant events based on policies consisting of rules. If an event turns out as a false alarm, the corresponding policy has to be adjusted in order to reduce the number of false positives. Modified policies, however, need to be tested before going into productive use. We present a visual analysis tool for the evaluation of security events and related policies which integrates data from different sources using the IF-MAP specification and provides a ���what-if��� simulation for testing modified policies on past network dynamics. In this paper, we will describe the design and outcome of a user study that will help us to evaluate our visual analysis tool. |
| Document Type: | Article Conference object |
| File Description: | application/pdf |
| DOI: | 10.1109/idaacs.2019.8924439 |
| DOI: | 10.25968/opus-2154 |
| Access URL: | https://serwiss.bib.hs-hannover.de/files/2154/ahlers_idaacs_2019.pdf https://serwiss.bib.hs-hannover.de/frontdoor/index/index/docId/2154 |
| Rights: | IEEE Copyright "In Copyright" Rights Statement |
| Accession Number: | edsair.doi.dedup.....e7419a41d7ce8a43e8c80dbddebab6ab |
| Database: | OpenAIRE |
Nájsť tento článok vo Web of Science | Abstract: | Intrusion detection systems and other network security components detect security-relevant events based on policies consisting of rules. If an event turns out as a false alarm, the corresponding policy has to be adjusted in order to reduce the number of false positives. Modified policies, however, need to be tested before going into productive use. We present a visual analysis tool for the evaluation of security events and related policies which integrates data from different sources using the IF-MAP specification and provides a ���what-if��� simulation for testing modified policies on past network dynamics. In this paper, we will describe the design and outcome of a user study that will help us to evaluate our visual analysis tool. |
|---|---|
| DOI: | 10.1109/idaacs.2019.8924439 |