Security visualisation is a subject that broadly covers aspects of big data, visualisation, human perception and security. Each day, more and more data is collected in the form of log files, and that data is often meaningless unless it is analyzed thoroughly. Big data mining techniques like MapReduce help narrow down the search for meaning in vast data. Data visualisation is a data analytics technique that engages the human brain in finding patterns in data.
Recognition and cognition of patterns also lead to the identification of anomalous patterns. Security visualisation helps a security analyst identify imminent vulnerabilities and attacks in a network. Simple visualisations like bar charts and pie charts are naïve and unintuitive when it comes to big data. Special, customized visual techniques such as the choropleth map and the hive plot are often desired for effective communication of big data. The book Applied Security Visualisation is an in-depth study of the correlation between security and data visualisation.
Sophisticated visualisations
Choropleth
A choropleth is a visualization that depicts the intensity of a quantity through color shading. The variations in color help in finding areas of interest, so a human reader's attention is drawn to the area that requires security attention. A choropleth map is a geographical map in which the states or counties are shaded to depict regions of interest.
Hive plot
Computer networks are often very troublesome to visualize because the result ends up looking complicated and difficult to understand. A force diagram that is used to depict a computer network often ends up looking like a ball of hair when the number of nodes is large, which makes force diagrams unsuitable for unorganised big data. A hive plot is considered an improvement on force-directed graph drawing and is especially suited for big data. Nodes are arranged along three or more axes, and edges between nodes are drawn as Bézier curves.
Heatmap
A heatmap is a visual technique similar to the choropleth map. However, a heatmap is shaded with gradient colors, which are usually computed using a normalized heatmap function. These maps can be used to recognize areas that require attention through varying shades and patterns of color gradient.
ELISHA
ELISHA is a visual anomaly detection system. The tool aims at identifying multiple origin autonomous system (MOAS) conflicts in a Border Gateway Protocol network. A MOAS conflict is identified by changes in color of the connected nodes in a BGP network.
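The condition behind a MOAS conflict can be checked directly on announcement data: one prefix announced with more than one origin AS. The following is an added example, not ELISHA's code or algorithm; the sample announcements are constructed from documentation address and AS ranges, and the `stable`/`conflict` display states are a hypothetical stand-in for a colour scheme.

```python
import ipaddress
from collections import defaultdict

# Constructed sample announcements: (timestamp, prefix, AS_PATH).
# Prefixes and AS numbers come from the ranges reserved for documentation.
SAMPLE_UPDATES = [
    (1, "192.0.2.0/24",    [64500, 64501, 64496]),
    (2, "198.51.100.0/24", [64500, 64497]),
    (3, "192.0.2.0/24",    [64502, 64496]),           # other path, same origin
    (4, "192.0.2.0/24",    [64500, 64503, 64499]),    # new origin: MOAS
    (5, "198.51.100.0/24", [64502, 64497, 64497]),    # prepending, same origin
    (6, "203.0.113.0/24",  [64500, {64498, 64499}]),  # ends in an AS_SET
]

def origin_as(as_path):
    """Origin AS is the last AS_PATH element; None if empty or an AS_SET."""
    if not as_path or not isinstance(as_path[-1], int):
        return None
    return as_path[-1]

def detect_moas(updates):
    """Return (events, origins); an event marks a prefix gaining a new origin."""
    origins = defaultdict(set)   # prefix -> set of origin ASes seen so far
    events = []
    for ts, prefix, path in sorted(updates, key=lambda u: u[0]):
        net = ipaddress.ip_network(prefix)   # rejects malformed prefixes
        origin = origin_as(path)
        if origin is None:
            continue                         # origin is ambiguous, skip
        seen = origins[net]
        if seen and origin not in seen:
            events.append((ts, str(net), sorted(seen), origin))
        seen.add(origin)
    return events, origins

def node_colours(origins):
    """Hypothetical display state per origin AS: 'conflict' wins over 'stable'."""
    colours = {}
    for ases in origins.values():
        state = "conflict" if len(ases) > 1 else "stable"
        for asn in ases:
            if colours.get(asn) != "conflict":
                colours[asn] = state
    return colours

if __name__ == "__main__":
    events, origins = detect_moas(SAMPLE_UPDATES)
    print(events)
    print(node_colours(origins))
```

Withdrawals are not modelled here, and a flagged prefix is a candidate for review only, since multi-homed networks can produce the same pattern legitimately.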
References
- Marty, Raffael (2008). Applied Security Visualization. Addison-Wesley Professional. Pearson Education. ISBN 978-0-321-51010-5.
- Krzywinski, Martin (2011). "Hive Plots — Rational Approach to Visualizing Networks". Briefings in Bioinformatics. 13 (5): 627–644. doi:10.1093/bib/BBR069. PMID 22155641.
- S.T. Teoh; et al. "ELISHA: A Visual-Based Anomaly Detection System for the BGP Routing Protocol".
External links
- Expert-interviews led analysis of EEVi — A model for effective visualization in cyber-security by Aneesha Sethi and Gary Wills. DOI:10.1109/VIZSEC.2017.8062195
- EEVi – Framework for Evaluating the Effectiveness of Visualization in Cyber-Security by Aneesha Sethi, Federica Paci and Gary Wills