M-Sieve: a visualisation tool for supporting network security analysts

Choudhury, Sharmin (Tinni), Kodagoda, Neesha, Nguyen, Phong H., Rooney, Chris, Attfield, Simon ORCID: https://orcid.org/0000-0001-9374-2481, Xu, Kai ORCID: https://orcid.org/0000-0003-2242-5440, Zheng, Yongjun, Wong, B. L. William ORCID: https://orcid.org/0000-0002-3363-0741, Chen, Raymond, Mapp, Glenford E. ORCID: https://orcid.org/0000-0002-0539-5852, Slabbert, Louis, Aiash, Mahdi ORCID: https://orcid.org/0000-0002-3984-6244 and Lasebae, Aboubaker ORCID: https://orcid.org/0000-0003-2312-9694 (2012) M-Sieve: a visualisation tool for supporting network security analysts. In: VisWeek 2012, 14-19 Oct 2012, Seattle, WA, USA. . [Conference or Workshop Item]

Preview	PDF (Paper For VisWeek 2012 Proceedings) - Published version (with publisher's formatting) Available under License Creative Commons Attribution-NoDerivatives 4.0. Download (313kB) | Preview
Preview	PDF (Poster for VAST Challenge Poster Session) - UNSPECIFIED Available under License Creative Commons Attribution-NoDerivatives 4.0. Download (821kB) | Preview

Abstract

The Middlesex Spatial Interactive Visualisation Environment (M-Sieve) is a spatiotemporal visual analytics tool for exploring computer network activity. M-Sieve allows the user to filter and visualize data through facets to explore and find patterns. To help guide exploration, we developed a set of rules which are used to derive a variable we call the ‘Concern Level Assessment’ (CLA). The CLA is based on attributes of nodes on the network. The rules were developed by eliciting inferences from network security domain experts. The combination of M-Sieve and the CLA allowed us to address the problem presented by the VAST 2012 Competition - Mini Challenge 1.

Actions (login required)

View Item

Statistics

DownloadsShow export options

Export as CSVXMLJSON

Activity Overview

6 month trend

402Downloads

6 month trend

684Hits

Additional statistics are available via IRStats2.