Visualizing network events in a muggle friendly way

Outi-Marja Latvala, Tommi Keränen, Sami Noponen, Niko Lehto, Mirko Sailio, Mikko Valta, Pia Olli

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    3 Citations (Scopus)

    Abstract

    This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.
    Original languageEnglish
    Title of host publication2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017
    PublisherIEEE Institute of Electrical and Electronic Engineers
    ISBN (Electronic)978-1-5090-5060-4
    ISBN (Print)978-1-5090-5061-1
    DOIs
    Publication statusPublished - 18 Oct 2017
    MoE publication typeA4 Article in a conference publication
    EventInternational Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) - London, United Kingdom
    Duration: 19 Jun 201720 Jun 2017

    Conference

    ConferenceInternational Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
    Abbreviated titleCyber SA
    CountryUnited Kingdom
    CityLondon
    Period19/06/1720/06/17

    Fingerprint

    Fish
    Automation
    Visualization
    Engines

    Keywords

    • data visualization
    • security
    • monitoring
    • visualization
    • tools
    • communication networks
    • production facilities

    Cite this

    Latvala, O-M., Keränen, T., Noponen, S., Lehto, N., Sailio, M., Valta, M., & Olli, P. (2017). Visualizing network events in a muggle friendly way. In 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017 [8073400] IEEE Institute of Electrical and Electronic Engineers . https://doi.org/10.1109/CyberSA.2017.8073400
    Latvala, Outi-Marja ; Keränen, Tommi ; Noponen, Sami ; Lehto, Niko ; Sailio, Mirko ; Valta, Mikko ; Olli, Pia. / Visualizing network events in a muggle friendly way. 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017. IEEE Institute of Electrical and Electronic Engineers , 2017.
    @inproceedings{3acde7cc931a46b4946274d2d7124df4,
    title = "Visualizing network events in a muggle friendly way",
    abstract = "This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.",
    keywords = "data visualization, security, monitoring, visualization, tools, communication networks, production facilities",
    author = "Outi-Marja Latvala and Tommi Ker{\"a}nen and Sami Noponen and Niko Lehto and Mirko Sailio and Mikko Valta and Pia Olli",
    year = "2017",
    month = "10",
    day = "18",
    doi = "10.1109/CyberSA.2017.8073400",
    language = "English",
    isbn = "978-1-5090-5061-1",
    booktitle = "2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    address = "United States",

    }

    Latvala, O-M, Keränen, T, Noponen, S, Lehto, N, Sailio, M, Valta, M & Olli, P 2017, Visualizing network events in a muggle friendly way. in 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017., 8073400, IEEE Institute of Electrical and Electronic Engineers , International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), London, United Kingdom, 19/06/17. https://doi.org/10.1109/CyberSA.2017.8073400

    Visualizing network events in a muggle friendly way. / Latvala, Outi-Marja; Keränen, Tommi; Noponen, Sami; Lehto, Niko; Sailio, Mirko; Valta, Mikko; Olli, Pia.

    2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017. IEEE Institute of Electrical and Electronic Engineers , 2017. 8073400.

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    TY - GEN

    T1 - Visualizing network events in a muggle friendly way

    AU - Latvala, Outi-Marja

    AU - Keränen, Tommi

    AU - Noponen, Sami

    AU - Lehto, Niko

    AU - Sailio, Mirko

    AU - Valta, Mikko

    AU - Olli, Pia

    PY - 2017/10/18

    Y1 - 2017/10/18

    N2 - This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.

    AB - This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.

    KW - data visualization

    KW - security

    KW - monitoring

    KW - visualization

    KW - tools

    KW - communication networks

    KW - production facilities

    UR - http://www.scopus.com/inward/record.url?scp=85039938922&partnerID=8YFLogxK

    U2 - 10.1109/CyberSA.2017.8073400

    DO - 10.1109/CyberSA.2017.8073400

    M3 - Conference article in proceedings

    SN - 978-1-5090-5061-1

    BT - 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017

    PB - IEEE Institute of Electrical and Electronic Engineers

    ER -

    Latvala O-M, Keränen T, Noponen S, Lehto N, Sailio M, Valta M et al. Visualizing network events in a muggle friendly way. In 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017. IEEE Institute of Electrical and Electronic Engineers . 2017. 8073400 https://doi.org/10.1109/CyberSA.2017.8073400

    Access to Document

    Related content

    Projects

    Secure Networking for a Data Center Cloud in Europe

    Project: Research