The ability to display mountains of data in a graphical manner significantly reduces the time needed to locate and analyze suspicious files.
— We present a novel paradigm for visual correlation of network alerts from disparate logs. This paradigm facilitates and promotes situational awareness in complex network environments. Our approach is based on the notion that, by definition, an alert must possess three attributes, namely: What, When, and Where. This fundamental premise, which we term W³, …
We present the design of a visualization technique based on the results of a human-in-the-loop process, which relied on network managers and network analysts. This visualization design was directly targeted at supporting tasks identified by the domain experts. This was the need for the ability to provide rapid and immediate assessment of the state of the …
The goal of our project is to create a set of next-generation cyber situational-awareness capabilities with applications to other domains in the long term. The objective is to improve the decision-making process to enable decision makers to choose better actions. To this end, we put extensive effort into making certain that we had feedback from network …
A key task in digital forensic analysis is the location of relevant information within the computer system. Identification of the relevancy of data is often dependent upon the identification of the type of data being examined. Typical file type identification is based upon file extension or magic keys. These typical techniques fail in many typical forensic …
As computer and network intrusions become more and more of a concern, the need for better capabilities to assist in the detection and analysis of intrusions also increases. We propose a methodology for analyzing network and computer log information visually based on the analysis of user behavior. Each user's behavior is the key to determining their intent …