ISSN 0021-3454 (print version)
ISSN 2500-0381 (online version)

DOI 10.17586/0021-3454-2016-59-10-807-812

UDC 004.056

TECHNIQUE OF VISUALIZATION OF COMPUTER NETWORK TOPOLOGY FOR MONITORING OF INFORMATION SECURITY

M. V. Kolomeets
St. Petersburg Institute for Informatics and Automation of the RAS, Laboratory of Computer Security Problems; Programmer


A. A. Chechulin
St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, Laboratory of Computer Security Problems


I. V. Kotenko
St. Petersburg Institute for Informatics and Automation of Russian Academy of Sciences, Laboratory of Computer Security Problems; Professor



Abstract. A new visualization technique for computer network topology is developed for use in SIEM or similar systems for information security monitoring of computer networks. The technique is based on a proposed conception and is reported to improve the effectiveness of security visualization systems. It considers the existing visualization models that can be used to visualize security monitoring data, and it takes into account the features of the system operator's cognitive apparatus, described in detail in previous papers by the authors. The proposed technique covers all stages of the data visualization process and therefore allows individual components of an information security visualization system to be considered at the architecture level. In general, the technique unifies the approach to developing security data visualization systems for computer networks. The results of the study may be used in the design of a new visualization system, as well as for evaluating and improving the efficiency of existing visualization systems. An example of applying the proposed technique to improve the efficiency of network topology visualization based on tree and graph visual models is presented.
Keywords: visualization technique, visualization of topology of computer network, security monitoring of computer network, SIEM, cyber security
