Visualization, in general, helps reveal patterns and relationships in data. This paper focuses on how to support network security analysis using analyst-driven visualization. A web-based data visualization framework is described. This framework was built to help network security analysts at the US Army Research Laboratory to better observe and identify malicious network activities based on alerts collected by sensors across the network.
The design of the system was intended to meet requirements related to end users’ mental models and working environments, to achieve “configurability, accessibility, scalability, and fit with existing analysis strategies.” In the framework, MySQL was selected for retrieval and management of data sources, and a JavaScript charting library (RGraph) was adopted and modified to implement flexible user interactions and correlation capability. The paper concludes with an example analysis session in which the visualization system is used by a professional network analyst.
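To make the architecture sketched above concrete, here is an added JavaScript example of the client-side aggregation and cross-chart correlation a web dashboard of this kind performs on alert rows fetched from a MySQL table. This is not code from the paper or from RGraph; the column names, the sample alerts and the chart-data shapes are constructed assumptions.

```javascript
// Added example (not the paper's code): client-side aggregation for a web-based
// alert-visualization dashboard. Rows are assumed to come from a MySQL query such as
//   SELECT ts, sensor, src_ip, dst_ip, signature FROM alerts WHERE ts BETWEEN ? AND ?
// The schema and the sample rows below are constructed.
const SAMPLE_ALERTS = [
  { ts: "2024-01-01T10:00:05Z", sensor: "s1", src_ip: "10.0.0.5", dst_ip: "10.0.1.20", signature: "SCAN portsweep" },
  { ts: "2024-01-01T10:00:40Z", sensor: "s1", src_ip: "10.0.0.5", dst_ip: "10.0.1.21", signature: "SCAN portsweep" },
  { ts: "2024-01-01T10:01:10Z", sensor: "s2", src_ip: "10.0.0.5", dst_ip: "10.0.1.22", signature: "SCAN portsweep" },
  { ts: "2024-01-01T10:03:30Z", sensor: "s2", src_ip: "10.0.0.9", dst_ip: "10.0.1.20", signature: "WEB sql injection attempt" },
  { ts: "2024-01-01T10:04:15Z", sensor: "s1", src_ip: "10.0.0.5", dst_ip: "10.0.1.20", signature: "WEB sql injection attempt" },
  { ts: "2024-01-01T10:12:00Z", sensor: "s3", src_ip: "10.0.0.7", dst_ip: "10.0.1.30", signature: "POLICY icmp echo" },
];

// Count alerts per distinct value of `field` and return parallel labels/values
// arrays, the shape a bar-chart library consumes. Sorted by count descending,
// ties broken by label so the output is deterministic.
function countBy(alerts, field) {
  const counts = new Map();
  for (const a of alerts) counts.set(a[field], (counts.get(a[field]) || 0) + 1);
  const labels = [...counts.keys()].sort(
    (x, y) => counts.get(y) - counts.get(x) || (x < y ? -1 : 1)
  );
  return { labels, values: labels.map((k) => counts.get(k)) };
}

// Bucket alerts into fixed-width windows (aligned to the epoch) for a timeline chart.
function timeSeries(alerts, bucketMinutes) {
  const size = bucketMinutes * 60 * 1000;
  const buckets = new Map();
  for (const a of alerts) {
    const t = Math.floor(Date.parse(a.ts) / size) * size;
    buckets.set(t, (buckets.get(t) || 0) + 1);
  }
  const times = [...buckets.keys()].sort((x, y) => x - y);
  return {
    times: times.map((t) => new Date(t).toISOString()),
    values: times.map((t) => buckets.get(t)),
  };
}

// Cross-chart correlation: when the analyst selects one value in a chart
// (for example a source address), every other chart is recomputed from only the
// alerts sharing that value, so related sensors, peers and signatures stand out.
function correlate(alerts, field, value) {
  const selected = alerts.filter((a) => a[field] === value);
  return {
    count: selected.length,
    sources: countBy(selected, "src_ip"),
    destinations: countBy(selected, "dst_ip"),
    sensors: countBy(selected, "sensor"),
    signatures: countBy(selected, "signature"),
  };
}

// Stand-alone demo: overview chart data, then drill down on one source host.
console.log(countBy(SAMPLE_ALERTS, "signature"));
console.log(timeSeries(SAMPLE_ALERTS, 5));
console.log(correlate(SAMPLE_ALERTS, "src_ip", "10.0.0.5"));
```

In a deployed dashboard the query runs server-side and only the already-bucketed rows travel to the browser; the correlation step above is what a click handler on one chart would run before redrawing the others.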
Although the practices described in the paper relate to the specialized field of network security, the methodology can be applied to building other domain-specific visualization frameworks. Thus, I recommend this paper to the broad visualization community.