Skip to main content
U.S. Department of Energy
Office of Scientific and Technical Information

Bridging the Host-Network Divide: Survey, Taxonomy, and Solution

Conference ·
OSTI ID:983451
Abstract: "This paper presents a new direction in security awareness tools for system administration--the Host-Network (HoNe) Visualizer. Our requirements for the HoNe Visualizer come from needs system administrators expressed in interviews, from reviewing the literature, and from conducting usability studies with prototypes. We present a tool taxonomy that serves as a framework for our literature review, and we use the taxonomy to show what is missing in the administrator's arsenal. Then we unveil our tool and its supporting infrastructure that we believe will fill the empty niche. We found that most security tools provide either an internal view of a host or an external view of traffic on a network. Our interviewees revealed how they must construct a mental end-to-end view from separate tools that individually give an incomplete view, expending valuable time and mental effort. Because of limitations designed into TCP/IP [RFC-791, RFC-793], no tool can effectively correlate host and network data into an end-to-end view without kernel modifications. Currently, no other visualization exists to support end-to-end analysis. But HoNe's infrastructure overcomes TCP/IP's limitations bridging the network and transport layers in the network stack and making end-to-end correlation possible. The capstone is the HoNe Visualizer that amplifies the users' cognitive power and reduces their mental workload by illustrating the correlated data graphically. Users said HoNe would be particularly good for discovering day-zero exploits. Our usability study revealed that users performed better on intrusion detection tasks using our visualization than with tools they were accustomed to using regardless of their experience level."
Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (US)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-76RL01830
OSTI ID:
983451
Report Number(s):
PNNL-SA-52883
Country of Publication:
United States
Language:
English

Similar Records

Dynamic right-sizing in TCP : a simulation study /
Conference · Mon Jan 01 04:00:00 UTC 2001 · OSTI ID:975738

ANDES (ARGONNE NUCLEAR DATA EXPLORATION SOFTWARE) - Physics Tools
Software · Mon Aug 24 00:00:00 UTC 2020 · OSTI ID:code-74414

Six virtual inches to the left: The problem with IPng
Conference · Sun May 01 04:00:00 UTC 1994 · OSTI ID:10166635