• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.25-38
• /
• 2017

Many security threats are occurring around the world due to the characteristics of industrial control systems that can cause serious damage in the event of a security incident including major national infrastructure. Therefore, the industrial control system network traffic should be analyzed so that it can identify the attack in advance or perform incident response after the accident. In this paper, we research the visualization technique as network forensics to enable reasonable suspicion of all possible attacks on DNP3 control system protocol, and define normal action based rules and derive visualization requirements. As a result, we developed a visualization tool that can detect sudden network traffic changes such as DDoS and attacks that contain anormal behavior from captured packet files on industrial control system network. The suspicious behavior in the industrial control system network can be found using visualization tool with Digital Bond packet.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.6
• /
• pp.2801-2816
• /
• 2016

Owing to their low scalability, weak support on big data, insufficient data collaborative analysis and inadequate situational awareness, the traditional methods fail to meet the needs of the security data analysis. This paper proposes visualization methods to fuse the multi-source security data and grasp the network situation. Firstly, data sources are classified at their collection positions, with the objects of security data taken from three different layers. Secondly, the Heatmap is adopted to show host status; the Treemap is used to visualize Netflow logs; and the radial Node-link diagram is employed to express IPS logs. Finally, the Labeled Treemap is invented to make a fusion at data-level and the Time-series features are extracted to fuse data at feature-level. The comparative analyses with the prize-winning works prove this method enjoying substantial advantages for network analysts to facilitate data feature fusion, better understand network security situation with a unified, convenient and accurate mode.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.33-43
• /
• 2018

In this paper, we want to solve the problems that users want to search the progress of attack, continuity of attack, association between attackers and victims, blocking priority and countermeasures by using visualization interface with multi-rotational axis and radial axis structure. It is possible to effectively monitor and track security events by arranging a time series event based on a multi-rotational axis structured by an event generation order, a subject of an event, an event type, and an emission axis, which is an objective time indicating progress of individual events. The proposed interface is a practical visualization interface that can apply attack blocking and defense measures by providing the progress and progress of the whole attack, the details and continuity of individual attacks, and the relationship between attacker and victim in one screen.

• Journal of International Society for Simulation Surgery
• /
• v.4 no.1
• /
• pp.17-20
• /
• 2017

Purpose Interactive 3D visualization system through remote data transmission over heterogeneous network is growing due to the improvement of internet based real time streaming technology. Materials and Methods The current internet's IP layer has several weaknesses against IP spoofing or IP sniffing type of network attacks since it was developed for reliable packet exchange. In order to compensate the security issues with normal IP layer, we designed a remote medical visualization system, based on Virtual Private Network. Results Particularly in hospital, if there are many surgeons that need to receive the streaming information, too much load on the gateway can results in deficit of processing power and cause the delay. Conclusion End to end security through the network method would be required.

• International Journal of Computer Science & Network Security
• /
• v.23 no.6
• /
• pp.68-76
• /
• 2023

Nowadays, the power of data analytics in general and visual data analytics, in particular, have been proven to be an important area that would help development in any domain. Many well-known IT services best practices have touched on the importance of data analytics and visualization and what it can offer to information technology service management. Yet, little research exists that summarises what is already there and what can be done to utilise further the power of data analytics and visualization in this domain. This paper is divided into two main parts. First, a number of IT service management tools have been summarised with a focus on the data analytics and visualization features in each of them. Second, interviews with five senior IT managers have been conducted to further understand the usage of these features in their organisations and the barriers to fully benefit from them. It was found that the main barriers include a lack of good understanding of some visualization design principles, poor data quality, and limited application of the technology and shortage in data analytics and visualization expertise.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.17-22
• /
• 2019

Network attack analysis and visualization methods using network traffic session data detect network anomalies by visualizing the sender's and receiver's IP addresses and the relationship between them. The traffic flow is a critical feature in detecting anomalies, but simply visualizing the source and destination IP addresses symmetrically from up-down or left-right would become a problematic factor for the analysis. Also, there is a risk of losing timely security situation when designing a visualization interface without considering the temporal characteristics of time-series traffic sessions. In this paper, we propose a visualization interface and analysis method that visualizes time-series traffic data by using the radial axis, divide IP addresses into network and host portions which then projects on the cylindrical coordinate system that could effectively monitor network attacks. The proposed method has the advantage of intuitively recognizing network attacks and identifying attack activity over time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.147-162
• /
• 2017

With the advent of various services and devices in the change of IT environment, increasing the complexity of the data, and increasing scale of IT, Many organizations are experiencing the difficulty of analyzing and processing with a large amounts of data for security situations awareness. Therefore, propose the enhancement of security situational awareness through visualization in order to solve the problems of slow response and security situational awareness in organizational risk management. In this paper, we selected the evaluation factors and alternatives for effective visualization by considering user type, situational awareness step, and information visualization attributes through various studies on visualization. And established AHP layer model. Based on this, by using the AHP method for solving the problem of multi-criteria decision making, by calculating the factors for effectively visualizing and the importance of alternative by factor, try to propose a visualization method that can improve the effectiveness of the security situational awareness according to the purpose of visualization and the type of user.

• Smart Media Journal
• /
• v.7 no.4
• /
• pp.70-78
• /
• 2018

Current trends in information system have led many companies to adopt security solutions. However, even with a large budget, they cannot function properly without proper security monitoring that manages them. Security monitoring necessitates a quick response in the event of a problem, and it is needed to design appropriate visualization dashboards for monitoring purposes so that necessary information can be delivered quickly. This paper shows how to visualize a security log using the open source program Elastic Stack and demonstrates that the proposed method is suitable for network security monitoring by implementing it as a appropriate dashboard for monitoring purposes. We confirmed that the dashboard was effectively exploited for the analysis of abnormal traffic growth and attack paths.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.13-18
• /
• 2022

In the post-information era, most of technologies have a visual part, or at least some functions related to visualization. It is also one of the popular means of presenting materials in education area. However, despite its popularity, the impact of visualization on the effectiveness of learning still remains controversial. Even more controversial is its usefulness in developing creativity, which is one of the most important skills for today's employee. The authors considered the use of visualization as a tool for the development of children's creativity on the example of learning video games, in particular, ClassCraft to distinguish features that, from the point of view of psychology, may lead to developing creativity even being not useful for educational purposes. It is concluded that video games useful for learning may have features, that are inappropriate in formal educational context, but important to develop creative thinking.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.55-60
• /
• 2022

Acceleration of the pace of life, increasing the amount of information, the emergence of "clip way of thinking" as a phenomenon has led to the problem of choosing forms of presentation of educational materials to students. One of the ways to solve this problem is to use the means of visualization of information flow, forasmuch as the thinking of modern youth is more effective in perceiving visual images than verbal means. The purpose of the research is to prove the effectiveness of the use of visualization in the process of teaching Ukrainian as a foreign language to students with clip way of thinking. The following methods have been used, namely: analysis, synthesis, comparison, systematization and generalization of scientific literature; testing and surveys; pedagogical experiment; quantitative and qualitative analysis of data, interpretation and generalization of the research results. The essence of visualization means has been revealed; the expediency of their use in the methodology of teaching foreign students the Ukrainian language has been substantiated. It has been proven that the role of Ukrainian teachers lies in taking into account all new trends in teaching, integrating computer perception of information by foreign students into teaching technology and using cognitive visualization in order to intensify the learning process.