This item is licensed Korea Open Government License
dc.contributor.author
송보연
dc.contributor.author
송중석
dc.contributor.author
최상수
dc.contributor.author
최장원
dc.date.accessioned
2019-08-28T07:42:02Z
dc.date.available
2019-08-28T07:42:02Z
dc.date.issued
2017-11-08
dc.identifier.issn
1386-7857
dc.identifier.uri
https://repository.kisti.re.kr/handle/10580/14607
dc.description.abstract
We introduce VisIDAC presented in Song at al (In:Nguyen, P.Q.,Zhou, J. (eds.) Information Security—20th International Conference, ISC 2017, Security and Cryptology, vol. 10599. Springer International Publishing, 2017), which is a 3-D real-time visualization of security event log collection detected by intrusion detection systems installed in multiple networks. VisIDAC consists of three parallel plane-squares which represent global source networks, target networks, and global destination networks. Security events are displayed in different shapes, colors and spaces, according to their main features. It helps security operators to immediately understand the key properties of security events.We also apply VisIDAC to a public cyber security operations center, Science and Technology Cyber Security Center (S&T-CSC), and demonstrate its usefulness.VisIDACallows users to grasp more intuitively the overall flow of security events and their trend, makes it easy to recognize large-scale security events such as network scanning, port scanning, and distributed denial of service attacks, and is also effective to distinguish security event types: which target network they are related to; whether they are inbound or outbound traffic; whether they are momentary or continuous; and what protocol and port number are mainly used.
dc.language
eng
dc.relation.ispartofseries
Cluster Computing
dc.title
Visualization of security event log collection across multiple networks and its application to a CSOC