Situ : Identifying and Explaining Suspicious Behavior in Networks

Despite the best efforts of cyber security analysts, networked computing assets are routinely compromised, resulting in the loss of intellectual property, the disclosure of state secrets, and major financial damages. Anomaly detection methods are beneficial for detecting new types of attacks and abn...

Detailed description

Bibliographic details
Published in: IEEE transactions on visualization and computer graphics. - 1996. - (2018) from: 20 Aug.
First author: Goodall, John R (author)
Other authors: Ragan, Eric D, Steed, Chad A, Reed, Joel W, Richardson, G David, Huffer, Kelly M T, Bridges, Robert A, Laska, Jason A
Format: Online article
Language: English
Published: 2018
Access to the parent work: IEEE transactions on visualization and computer graphics
Subject headings: Journal Article
LEADER 01000caa a22002652 4500
001 NLM287753212
003 DE-627
005 20240229161926.0
007 cr uuu---uuuuu
008 231225s2018 xx |||||o 00| ||eng c
024 7 |a 10.1109/TVCG.2018.2865029  |2 doi 
028 5 2 |a pubmed24n1308.xml 
035 |a (DE-627)NLM287753212 
035 |a (NLM)30136975 
040 |a DE-627  |b ger  |c DE-627  |e rakwb 
041 |a eng 
100 1 |a Goodall, John R  |e verfasserin  |4 aut 
245 1 0 |a Situ  |b Identifying and Explaining Suspicious Behavior in Networks 
264 1 |c 2018 
336 |a Text  |b txt  |2 rdacontent 
337 |a Computermedien  |b c  |2 rdamedia 
338 |a Online-Ressource  |b cr  |2 rdacarrier 
500 |a Date Revised 27.02.2024 
500 |a published: Print-Electronic 
500 |a Citation Status Publisher 
520 |a Despite the best efforts of cyber security analysts, networked computing assets are routinely compromised, resulting in the loss of intellectual property, the disclosure of state secrets, and major financial damages. Anomaly detection methods are beneficial for detecting new types of attacks and abnormal network activity, but such algorithms can be difficult to understand and trust. Network operators and cyber analysts need fast and scalable tools to help identify suspicious behavior that bypasses automated security systems, but operators do not want another automated tool with algorithms they do not trust. Experts need tools to augment their own domain expertise and to provide a contextual understanding of suspicious behavior to help them make decisions. In this paper we present Situ, a visual analytics system for discovering suspicious behavior in streaming network data. Situ provides a scalable solution that combines anomaly detection with information visualization. The system's visualizations enable operators to identify and investigate the most anomalous events and IP addresses, and the tool provides context to help operators understand why they are anomalous. Finally, operators need tools that can be integrated into their workflow and with their existing tools. This paper describes the Situ platform and its deployment in an operational network setting. We discuss how operators are currently using the tool in a large organization's security operations center and present the results of expert reviews with professionals 
650 4 |a Journal Article 
700 1 |a Ragan, Eric D  |e verfasserin  |4 aut 
700 1 |a Steed, Chad A  |e verfasserin  |4 aut 
700 1 |a Reed, Joel W  |e verfasserin  |4 aut 
700 1 |a Richardson, G David  |e verfasserin  |4 aut 
700 1 |a Huffer, Kelly M T  |e verfasserin  |4 aut 
700 1 |a Bridges, Robert A  |e verfasserin  |4 aut 
700 1 |a Laska, Jason A  |e verfasserin  |4 aut 
773 0 8 |i Enthalten in  |t IEEE transactions on visualization and computer graphics  |d 1996  |g (2018) vom: 20. Aug.  |w (DE-627)NLM098269445  |x 1941-0506  |7 nnns 
773 1 8 |g year:2018  |g day:20  |g month:08 
856 4 0 |u http://dx.doi.org/10.1109/TVCG.2018.2865029  |3 Volltext 
912 |a GBV_USEFLAG_A 
912 |a SYSFLAG_A 
912 |a GBV_NLM 
912 |a GBV_ILN_350 
951 |a AR 
952 |j 2018  |b 20  |c 08