Command line or pretty lines?: Comparing textual and visual interfaces for intrusion detection

Conference on Human Factors in Computing Systems - Proceedings

Volumn , Issue , 2007, Pages 1205-1214

  Thompson, Ramona Su ^a   Rantanen, Esa M ^a   Yurcik, William ^a   Bailey, Brian P ^a,b  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

^b University of Illinois at Urbana Champaign   (United States)

Author keywords

Intrusion detection; Network security; Textual interfaces; User study; Visual interfaces

Indexed keywords

COMPUTER CRIME; DATA REDUCTION; NETWORK SECURITY; USER INTERFACES; VISUAL SERVOING;

HYBRID INTERFACES; TEXTUAL INTERFACES; USER STUDY; VISUAL INTERFACES;

INTRUSION DETECTION;

EID: 35348897951     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1240624.1240807     Document Type: Conference Paper

References (25)

1. Cisco Systems NetFlow Services Export Version 9, http://www.ietf.org/rfc/ rfc3954.txt, 2004.
2. Network- vs. Host-based Intrusion Detection http://www.vigilar.com/ wpsaSS/network_vs_hostbased_ ids.pdf, ISS: Internet Secruity Systems white paper, 1998.
3. Abdullah, K., Lee, C., Conti, G., Copeland, J. and Stasko, J., IDS RainStorm: Visualizing IDS Alarms. VizSec/DMSEC, (2005), 1-10.
4. Baldonado, M., Woodruff, A. and Kuchinsky, A., Guidelines for Using Multiple Views in Information Visualization. Proc. A VI, (2000), 110-119.
5. Ball, R., Fink, G.A. and North, C., Home-centric Visualization of Network Traffic for Security Administration. VizSEC/DMSEC, (2004), 55-64.
6. Baudisch, P., Good, N. and Stewart, P., Focus plus Context Screens: Combining Display Technology with Visualization Techniques. UIST, (2001), 31-40.
7. D'Amico, A. and Kocka, M., Information Assurance Visualizations for Specific Stages of Situational Awareness and Intended Uses: Lessons Learned. VizSEC, (2005), 107-112.
8. Gentner, D. and Nielsen, J. The Anti-Mac Interface. Communications of the ACM, 39 (8). 70-82.
9. Goodall, J.R., Lutters, W.G. and Komlodi, A., I Know My Network: Collaboration and Expertise in Intrusion Detection. CSCW, (2004), 342-345.
10. Goodall, J.R., Lutters, W.G. and Komlodi, A., The Work of Intrusion Detection: Rethinking the Role of Security Analysts. AMCIS, (2004), 1421-1427.
11. Goodall, J.R., Lutters, W.G., Rheingans, P. and Komlodi, A., Preserving the Big Picture: Visual Network Traffic Analysis with TNV. VizSEC, (2005), IEEE, 47-54.
12. Goodall, J.R., Ozok, A.A., Lutters, W.G., Rheingans, P. and Komlodi, A., A User-Centered Approach to Visualizing Network Traffic for Intrusion Detection. Extended Abstracts of CHI, (2005), 1403-1406.
13. Hombaek, K., Bederson, B. and Plaisant, K. Navigation Patterns and Usability of Zoomable User Interfaces with and without and Overview. ACM TOCHI, 9(4), 362-389.
14. Hornbaek, K. and Frokjaer, E., Reading of Electronic Documents: The Usability of Linear, Fisheye, and Overview+detail Interfaces. CHI, (2001), 293-300.
15. Julisch, K. and Dacier, M., Mining Intrusion Detection Alarms for Actionable Knowledge. KDD, (2002), 366-375.
16. Kandogan, E. and Haber, E. Security Administration Tools and Practices, in Cranon, L. and Garfinkel, S. eds. Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, Beijing, 2005, 357-376.
17. Keim, D.A. Visual Exploration of Large Data Sets. Communications of the ACM, 44 (8), 38-44.
18. Killcrece, G., Kossakowski, K., Ruefle, R. and Zajicek, M. State of the Practice of Computer Security Response Teams (CSIRTs), Carnegie Mellon Software Engineering Institute (SEI), 2003.
19. Komlodi, A., Goodall, J.R. and Lutters, W.G., An Information Visualization Framework for Intrusion Detection. Extended Abstracts of CHI, (2004), 1743.
20. Lakkaraju, K., Yurcik, W. and Lee, A.J., NVisionIP: NetFlow Visualizations of System State for Security Situational Awareness. VizSec/DMSEC, (2004), 65-72.
21. McPherson, J., Ma, K., Krystosk, P., Bartoletti, T. and Christensen, M., PortVis: A Tool for Port-Based Detection of Security Events. VizSEC/DMSEC, (Washington, DC, 2004), 73-81.
22. Plaisant, C., Carr, D. and Shneiderman, B. Image-Browser Taxonomy and Guidelines for Designers. IEEE Software, 12 (2), 21-32.
23. Thompson, R.S., Rantanen, E. and Yurcik, W., Network Intrusion Detection Cognitive Task Analysis: Textual and Visual Tool Usage and Recommendations. Proceedings of the 50th Annual Meeting of the Human Factors and Ergonomics Society, (2006).
24. Yin, X., Yurcik, W., Treaster, M., Li, Y. and Lakkaraju, K., VisFlowConnect: NetFlow Visualizations of Link Relationships for Security Situational Awareness. VizSec/DMSEC, (2004), 26-34.
25. Yurcik, W., Barlow, J. and Rosendale, J., Maintaining Perspective on Who is the Enemy in the Security Systems Administration of Computer Networks. CHI Workshop on System Administrators Are Users, Too: Designing Workspaces for Managing Internet-Scale Systems, (2003).