Bridging the Host-Network Divide: Survey, Taxonomy, and Solution

Fink, Glenn A; Duggirala, Vedavyas; Correa, Ricardo; North, Christopher L

Title: Bridging the Host-Network Divide: Survey, Taxonomy, and Solution

Conference · Tue Apr 17 00:00:00 EDT 2007

OSTI ID:983451

Fink, Glenn A; Duggirala, Vedavyas; Correa, Ricardo; North, Christopher L

Abstract: "This paper presents a new direction in security awareness tools for system administration--the Host-Network (HoNe) Visualizer. Our requirements for the HoNe Visualizer come from needs system administrators expressed in interviews, from reviewing the literature, and from conducting usability studies with prototypes. We present a tool taxonomy that serves as a framework for our literature review, and we use the taxonomy to show what is missing in the administrator's arsenal. Then we unveil our tool and its supporting infrastructure that we believe will fill the empty niche. We found that most security tools provide either an internal view of a host or an external view of traffic on a network. Our interviewees revealed how they must construct a mental end-to-end view from separate tools that individually give an incomplete view, expending valuable time and mental effort. Because of limitations designed into TCP/IP [RFC-791, RFC-793], no tool can effectively correlate host and network data into an end-to-end view without kernel modifications. Currently, no other visualization exists to support end-to-end analysis. But HoNe's infrastructure overcomes TCP/IP's limitations bridging the network and transport layers in the network stack and making end-to-end correlation possible. The capstone is the HoNe Visualizer that amplifies the users' cognitive power and reduces their mental workload by illustrating the correlated data graphically. Users said HoNe would be particularly good for discovering day-zero exploits. Our usability study revealed that users performed better on intrusion detection tasks using our visualization than with tools they were accustomed to using regardless of their experience level."

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-76RL01830

OSTI ID:: 983451

Report Number(s):: PNNL-SA-52883; TRN: US201014%%211

Resource Relation:: Conference: Proceedings of the 20th USENIX Large Installation Systems Administration Conference (LISA '06), 247-262

Country of Publication:: United States

Language:: English

Similar Records

Review of Enabling Technologies to Facilitate Secure Compute Customization

Technical Report · Mon Dec 01 00:00:00 EST 2014 · OSTI ID:983451

Aderholdt, Ferrol; Caldwell, Blake A; Hicks, Susan Elaine; +6 more

10 Gbps TCP/IP streams from the FPGA for High Energy Physics

Conference · Wed Jan 01 00:00:00 EST 2014 · J.Phys.Conf.Ser. · OSTI ID:983451

Bauer, Gerry

An Assessment of the Usability of Machine Learning Based Tools for the Security Operations Center

Conference · Sun Nov 01 00:00:00 EDT 2020 · OSTI ID:983451

Oesch, T; Bridges, Robert; Smith, Jared; +5 more

Related Subjects

97 MATHEMATICAL METHODS AND COMPUTING
COMPUTER NETWORKS
SECURITY
CRIME DETECTION
COMPUTER CODES
MANAGEMENT
Information visualization
computer security
correlation

Title: Bridging the Host-Network Divide: Survey, Taxonomy, and Solution

Citation Formats

Similar Records

Related Subjects