U.S. Department of Energy, Office of Scientific and Technical Information (OSTI.GOV)

Title: Bridging the Host-Network Divide: Survey, Taxonomy, and Solution

Abstract

"This paper presents a new direction in security awareness tools for system administration--the Host-Network (HoNe) Visualizer. Our requirements for the HoNe Visualizer come from needs system administrators expressed in interviews, from reviewing the literature, and from conducting usability studies with prototypes. We present a tool taxonomy that serves as a framework for our literature review, and we use the taxonomy to show what is missing in the administrator's arsenal. Then we unveil our tool and its supporting infrastructure that we believe will fill the empty niche. We found that most security tools provide either an internal view of a host or an external view of traffic on a network. Our interviewees revealed how they must construct a mental end-to-end view from separate tools that individually give an incomplete view, expending valuable time and mental effort. Because of limitations designed into TCP/IP [RFC-791, RFC-793], no tool can effectively correlate host and network data into an end-to-end view without kernel modifications. Currently, no other visualization exists to support end-to-end analysis. But HoNe's infrastructure overcomes TCP/IP's limitations by bridging the network and transport layers in the network stack and making end-to-end correlation possible. The capstone is the HoNe Visualizer that amplifies the users' cognitive power and reduces their mental workload by illustrating the correlated data graphically. Users said HoNe would be particularly good for discovering day-zero exploits. Our usability study revealed that users performed better on intrusion detection tasks using our visualization than with tools they were accustomed to using, regardless of their experience level."

Authors:
Fink, Glenn A.; Duggirala, Vedavyas; Correa, Ricardo; North, Christopher L.
Publication Date:
April 17, 2007
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
983451
Report Number(s):
PNNL-SA-52883
TRN: US201014%%211
DOE Contract Number:
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: Proceedings of the 20th USENIX Large Installation Systems Administration Conference (LISA '06), 247-262
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICAL METHODS AND COMPUTING; COMPUTER NETWORKS; SECURITY; CRIME DETECTION; COMPUTER CODES; MANAGEMENT; Information visualization; computer security; correlation

Citation Formats

Fink, Glenn A., Duggirala, Vedavyas, Correa, Ricardo, and North, Christopher L. Bridging the Host-Network Divide: Survey, Taxonomy, and Solution. United States: N. p., 2007. Web.
Fink, Glenn A., Duggirala, Vedavyas, Correa, Ricardo, & North, Christopher L. Bridging the Host-Network Divide: Survey, Taxonomy, and Solution. United States.
Fink, Glenn A., Duggirala, Vedavyas, Correa, Ricardo, and North, Christopher L. "Bridging the Host-Network Divide: Survey, Taxonomy, and Solution". United States, 2007.
@article{osti_983451,
  title = {Bridging the Host-Network Divide: Survey, Taxonomy, and Solution},
  author = {Fink, Glenn A. and Duggirala, Vedavyas and Correa, Ricardo and North, Christopher L.},
  abstractNote = {This paper presents a new direction in security awareness tools for system administration--the Host-Network (HoNe) Visualizer. Our requirements for the HoNe Visualizer come from needs system administrators expressed in interviews, from reviewing the literature, and from conducting usability studies with prototypes. We present a tool taxonomy that serves as a framework for our literature review, and we use the taxonomy to show what is missing in the administrator's arsenal. Then we unveil our tool and its supporting infrastructure that we believe will fill the empty niche. We found that most security tools provide either an internal view of a host or an external view of traffic on a network. Our interviewees revealed how they must construct a mental end-to-end view from separate tools that individually give an incomplete view, expending valuable time and mental effort. Because of limitations designed into TCP/IP [RFC-791, RFC-793], no tool can effectively correlate host and network data into an end-to-end view without kernel modifications. Currently, no other visualization exists to support end-to-end analysis. But HoNe's infrastructure overcomes TCP/IP's limitations by bridging the network and transport layers in the network stack and making end-to-end correlation possible. The capstone is the HoNe Visualizer that amplifies the users' cognitive power and reduces their mental workload by illustrating the correlated data graphically. Users said HoNe would be particularly good for discovering day-zero exploits. Our usability study revealed that users performed better on intrusion detection tasks using our visualization than with tools they were accustomed to using, regardless of their experience level.},
  place = {United States},
  year = {2007},
  month = {apr}
}

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.