Keywords: security information visualization, security information and event management, visualization component architecture
E.S. Novikova, I.V. Kotenko
To monitor the security state of computer systems it is necessary to constantly track and analyze the data received from different security sources: routers, sniffers, firewalls, intrusion detection systems, etc. Security Information and Event Management (SIEM) systems accumulate these data, normalize and transform them into a common format, and provide a convenient graphical user interface (GUI) for accessing them. Security data are usually textual, which is one reason visualization techniques are used, among other methods, to analyze them. Graphical representations help specialists immediately identify general trends and relationships among individual data points and detect malicious activity or anomalies, because the human visual system is a pattern seeker of enormous power and subtlety.
A new-generation SIEM system for service infrastructures, supporting intelligent, scalable, multi-level/multi-domain security event processing and predictive security monitoring, is being designed within the MASSIF FP7 project. This paper presents the current results of the analysis of security visualization techniques and of the visualization component design.
A three-level service-oriented architecture for the visualization component is proposed, consisting of the User Interface, the Control Services Middleware and the Graphical elements. This approach makes the application scalable and allows different visualization technologies to be integrated for implementing the graphical items.
The paper describes the software visualization component developed to illustrate the proposed architecture. It provides a graphical interface for the Attack Simulation part of the SIEM system's Attack Modeling and Security Evaluation Component. To make the visualization component more effective, user interaction mechanisms such as zooming, collapsing/expanding subgraphs, and viewing the details of hosts or attack actions on demand are implemented. To reinforce the effect of these mechanisms, principles of human perception are taken into account when designing the graphical items.
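As an added illustration, not the MASSIF project's own code, the following Python sketch models the three-level split described above together with the collapse/expand and details-on-demand interactions: the Control Services middleware owns the attack graph and the view state, and the graphical element renders only what the middleware exposes. The attack graph, host names and attack actions are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class AttackNode:                      # graph element: a host or an attack action
    node_id: str
    kind: str                          # "host" or "action"
    details: dict
    children: list = field(default_factory=list)

class ControlService:
    """Control Services Middleware: owns the attack graph and the view state."""
    def __init__(self, root):
        self.root, self.collapsed, self._index = root, set(), {}
        stack = [root]
        while stack:                   # index every node for details-on-demand
            n = stack.pop()
            self._index[n.node_id] = n
            stack.extend(n.children)
    def toggle(self, node_id):         # collapse or expand the subgraph below node_id
        self.collapsed ^= {node_id}
    def details(self, node_id):        # fetched only when the analyst asks for it
        return self._index[node_id].details
    def visible_nodes(self):
        """Depth-first walk that skips the children of collapsed subgraphs."""
        out = []
        def walk(n, depth):
            out.append((n.node_id, n.kind, depth))
            if n.node_id not in self.collapsed:
                for c in n.children:
                    walk(c, depth + 1)
        walk(self.root, 0)
        return out

def render(service):
    """Graphical element: renders only what the middleware exposes, as text."""
    lines = []
    for node_id, kind, depth in service.visible_nodes():
        marker = "[+]" if node_id in service.collapsed else "[-]"
        lines.append("  " * depth + f"{marker} {kind}:{node_id}")
    return "\n".join(lines)

def sample_graph():
    """Constructed attack graph: attacker -> DMZ web server -> two internal hosts."""
    return AttackNode("attacker", "host", {"zone": "external"}, [
        AttackNode("exploit-web", "action", {"severity": "high"}, [
            AttackNode("web-srv", "host", {"zone": "dmz"}, [
                AttackNode("pivot-db", "action", {"severity": "medium"}, [
                    AttackNode("db-srv", "host", {"zone": "internal"})]),
                AttackNode("pivot-file", "action", {"severity": "medium"}, [
                    AttackNode("file-srv", "host", {"zone": "internal"})])])])])
```

Calling `render(ControlService(sample_graph()))` prints the full graph; after `toggle("web-srv")` the two internal branches disappear from the rendering while their details stay available through `details()`.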