Visualizing network events in a muggle friendly way

Outi-Marja Latvala; Tommi Keränen; Sami Noponen; Niko Lehto; Mirko Sailio; Mikko Valta; Pia Olli

doi:10.1109/CyberSA.2017.8073400

Visualizing network events in a muggle friendly way

Outi-Marja Latvala, Tommi Keränen, Sami Noponen, Niko Lehto, Mirko Sailio, Mikko Valta, Pia Olli

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

3 Citations (Scopus)

Abstract

This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.

Original language	English
Title of host publication	2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017
Publisher	IEEE Institute of Electrical and Electronic Engineers
ISBN (Electronic)	978-1-5090-5060-4
ISBN (Print)	978-1-5090-5061-1
DOIs	https://doi.org/10.1109/CyberSA.2017.8073400
Publication status	Published - 18 Oct 2017
MoE publication type	A4 Article in a conference publication
Event	International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) - London, United Kingdom Duration: 19 Jun 2017 → 20 Jun 2017

Conference

Conference	International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
Abbreviated title	Cyber SA
Country	United Kingdom
City	London
Period	19/06/17 → 20/06/17

Keywords

data visualization
security
monitoring
visualization
tools
communication networks
production facilities

Access to Document

10.1109/CyberSA.2017.8073400

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Visualizing network events in a muggle friendly way'. Together they form a unique fingerprint.

Projects

1 Finished

SENDATE-PLANETS: Secure Networking for a Data Center Cloud in Europe

Savolainen, P., Savola, R., Vähä-Heikkilä, T. & Honka, H.

1/04/16 → 30/04/19

Project: Research

Cite this

Latvala, O-M., Keränen, T., Noponen, S., Lehto, N., Sailio, M., Valta, M., & Olli, P. (2017). Visualizing network events in a muggle friendly way. In 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017 [8073400] IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/CyberSA.2017.8073400

@inproceedings{3acde7cc931a46b4946274d2d7124df4,

title = "Visualizing network events in a muggle friendly way",

abstract = "This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.",

keywords = "data visualization, security, monitoring, visualization, tools, communication networks, production facilities",

author = "Outi-Marja Latvala and Tommi Ker{\"a}nen and Sami Noponen and Niko Lehto and Mirko Sailio and Mikko Valta and Pia Olli",

year = "2017",

month = oct,

day = "18",

doi = "10.1109/CyberSA.2017.8073400",

language = "English",

isbn = "978-1-5090-5061-1",

booktitle = "2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

address = "United States",

note = "International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), Cyber SA ; Conference date: 19-06-2017 Through 20-06-2017",

}

Latvala, O-M, Keränen, T, Noponen, S , Lehto, N , Sailio, M, Valta, M & Olli, P 2017, Visualizing network events in a muggle friendly way. in 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017., 8073400, IEEE Institute of Electrical and Electronic Engineers, International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), London, United Kingdom, 19/06/17. https://doi.org/10.1109/CyberSA.2017.8073400

Visualizing network events in a muggle friendly way. / Latvala, Outi-Marja; Keränen, Tommi; Noponen, Sami ; Lehto, Niko ; Sailio, Mirko; Valta, Mikko; Olli, Pia.

2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017. IEEE Institute of Electrical and Electronic Engineers, 2017. 8073400.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Visualizing network events in a muggle friendly way

AU - Latvala, Outi-Marja

AU - Keränen, Tommi

AU - Noponen, Sami

AU - Lehto, Niko

AU - Sailio, Mirko

AU - Valta, Mikko

AU - Olli, Pia

PY - 2017/10/18

Y1 - 2017/10/18

N2 - This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.

AB - This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.

KW - data visualization

KW - security

KW - monitoring

KW - visualization

KW - tools

KW - communication networks

KW - production facilities

UR - http://www.scopus.com/inward/record.url?scp=85039938922&partnerID=8YFLogxK

U2 - 10.1109/CyberSA.2017.8073400

DO - 10.1109/CyberSA.2017.8073400

M3 - Conference article in proceedings

SN - 978-1-5090-5061-1

BT - 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, Cyber SA 2017

PB - IEEE Institute of Electrical and Electronic Engineers

T2 - International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)

Y2 - 19 June 2017 through 20 June 2017

ER -