We describe innovative new approaches to teaching information systems security that may be used individually or in combination. Information system security is a difficult course to teach and these approaches provide resources to both novice and experienced educators to enhance their courses. We conclude that more educational development work needs to be done…
We present a visualization design to enhance the ability of an administrator to detect and investigate anomalous traffic between a local network and external domains. Central to the design is a parallel axes view which displays NetFlow records as links between two machines or domains while employing a variety of visual cues to assist the user. We describe…
As enterprise storage needs grow, it is challenging to manage storage systems. The costs of locally managing, supporting, and maintaining resilience in storage systems have skyrocketed. Also, companies must comply with a growing number of federal and state legislations mandating secure handling of electronic information. In this context, outsourcing of…
The number of attacks against large computer systems is currently growing at a rapid pace. Despite the best efforts of security analysts, large organizations are having trouble keeping on top of the current state of their networks. In this paper, we describe a tool called NVisionIP that is designed to increase the security analyst's situational awareness.
We routinely hear vendors claim that their systems are "secure." However, without knowing what assumptions are made by the vendor, it is hard to justify such a claim. Prior to claiming the security of a system, it is important to identify the threats to the system in question. Enumerating the threats to a system helps system architects develop realistic…
Logs are one of the most fundamental resources to any security professional. It is widely recognized by the government and industry that it is both beneficial and desirable to share logs for the purpose of security research. However, the sharing is not happening or not to the degree or magnitude that is desired. Organizations are reluctant to share logs…
Intrusion detection is an important part of networked-systems security protection. Although commercial products exist, finding intrusions has proven to be a difficult task with limitations under current techniques. Therefore, improved techniques are needed. We argue the need for correlating data among different logs to improve intrusion detection systems…
As the complexity and variety of computer system hardware increases, its suitability as a pedagogical tool in computer organization/architecture courses diminishes. As a consequence, many instructors are turning to simulators as teaching aids, often using valuable teaching/research time to construct them. Many of these simulators have been made freely…
Those creating NetFlow tools struggle with two problems: (1) NetFlows come in many different, incompatible formats, and (2) the sensitivity of NetFlow logs can hinder the sharing of these logs and thus make it difficult for developers—particularly student research assistants—to get real data to use. Our solution is a new tool we created that converts and…
A task analysis is conducted for the complex task of network security engineers, intrusion detection (ID) of computer networks. ID helps engineers protect the network from harmful attacks and can be broken down into the following phases: pre-processing information, monitoring the network, analyzing attacks, and responding to attacks. Different cognitive loads…