ABSTRACT Analysts engaged in real-time monitoring of cybersecurity incidents must quickly and accurately respond to alerts generated by intrusion detection systems. We investigated two complementary approaches to improving analyst performance on this vigilance task: a graph-based visualization of correlated IDS output and defensible recommendations based on machine learning from historical analyst behavior. We tested our approach with 18 professional cybersecurity analysts using a prototype environment in which we compared the visualization with a conventional tabular display, and the defensible recommendations with limited or no recommendations. Quantitative results showed improved analyst accuracy with the visual display and the defensibl...
Although cybersecurity is a domain where data analysis and training are consid...
Cyber-security visualization aims to reduce security analysts' workload by presenting information ...
Intrusion detection, the process of using computer network and system data to identify potential cyb...
Security analysts working in the modern threat landscape face excessive events and alerts, a high vo...
The ever-increasing amount of major security incidents has led to an emerging interest in cooperativ...
Securing the highly complex infrastructures of modern organizations against innovative and targeted ...
Effective visual analysis of computer network defense (CND) information is challenging due to the vo...
It is difficult to discern real-world consequences of attacks on an enterprise when investigating ne...
Network Intrusion Detection System (NIDS) is a security system that monitors the network traffic and...
Cyber insider threat is one of the most difficult risks to mitigate in organizations. However, innov...
More than ever, we rely on computer systems and the availability of computer networks. It is crucial...
This paper describes a web-based visualization system designed for network security analysts at the...
With organisations and governments significantly investing in cyber defenses, there is a significan...
Cyber security incidents have affected organisations from various industries. Malicious actors aim t...
Network security managers are faced with a rapidly changing and complex threat environment due to the...