In the scenario of computer network defense, security analysts are the decision
makers who monitor and react to vulnerabilities, threats, and attacks. Typical problems
in network attack detection include determination of whether an attack has
occurred, which nodes/machines are involved, and the time range of the attack.
For example, a Sybil attack is characterized by one or more nodes assuming the
identity of other legitimate nodes in the network. Sybil attacks are not limited to
general computer networks. For example, sites like Amazon or eBay, which rely on
user “voting” to make recommendations to other users, are susceptible to coordinated
attacks where false users promote items of their choosing. While some of these attacks
can be discovered via domain-specific methods, our system is designed to allow
analysts to identify attacks through exploring time-varying network connectivity
data, which is generally readily available.
As the size of networks and the complexity of attacks increase, so does the time
needed to accurately determine the scope of intrusions. Since infected nodes on the
network must often be quarantined for repair, determining the attack scope and impact
is crucial to network defense operations. Oftentimes, if an analyst cannot determine
exactly which machines are affected, they must quarantine a larger section of the
network. Therefore, the inability to properly determine the scope of an attack can
prove costly.
In this work, we examine how integrating uncertainty views and interactions with
a coordinated-views visualization and automatic classification algorithm can help
analysts make accurate and timely decisions regarding the scope and duration of
attacks. Based on our previous approach, a coordinated multiple views visualization,
we present an integrated approach to analyze network data containing Sybil attacks.
Specifically, we have designed and incorporated uncertainty management views and
interactions that assist network defenders in specifying analytical uncertainty and
reusing these results in future investigations. We compare two approaches with a
case study and discuss the effects of uncertainty visualization on the decision-making
process.
The following section first describes the related work on uncertainty visualization for
decision making. We then describe our approach and present the results of the comparison.
At the end, we discuss the effects of uncertainty visualization and conclude the
paper.
7.2 Related Work
Representations of error and uncertainty have been identified as a component typically
missing in visualization [9]. Addressing this gap, uncertainty visualizations deal with
visual representations of error and uncertainty in the data [1, 10].
For security applications, the term “uncertainty” extends beyond the quality of the
data source. For example, uncertainty can also be considered and quantified in
the context of human analysis and decision making [4, 6]. This work focuses on the
latter definition of uncertainty. The uncertainty interactions and views described are
 