Visualization in Information Security

Information security is a data-rich discipline. Security analysts can be overwhelmed with the amount of data available, whether it is network traffic, audit logs, or IDS alarms. Security monitoring applications need to quickly process this data as they require rapid responses to real-time events. An effective way of dealing with large quantities of data is to take advantage of the human visual system and employ data visualization techniques. Data visualization has a long history in scientific computing and medical applications as well as newer areas such as data mining. Techniques for effective data visualization have significantly evolved over the past several years due to increases in processing power, enhanced display devices, massive data storage capability, and faster transmission speeds. One hardware advance that has strongly impacted real-time visualization is the Graphical Processing Unit (GPU). GPU's are small special-purpose processing devices that are packaged hundreds or thousands of units per chip. This allows parallel processing of vast quantities of data to produce high-quality images in real time. As a result of these advances, experts are extending the traditional fields of visualization to a broad range of new applications. For example, many researchers are now experimenting with innovative ways of applying visualization principles to security applications, and many security products incorporate some type of visualization capability. Dedicated books, articles, workshops, and blogs provide information and forums for interested security professionals to learn about visualization and how to effectively apply it to the security domain. This paper reviews the history and principles of visualization focusing on how it is currently used in the security arena. The paper also discusses current trends in information security visualization research by analyzing and discussing ongoing published visualization projects. These projects focus on techniques such as file visualization, network visualization, log (firewall and intrusion detection) visualization, as well as vulnerability identification and exploits. In addition to a survey of current research efforts, the paper looks at possible future directions for security visualization research and applications.