Visualization of security event logs across multiple networks and its application to a CSOC

Abstract

We introduce VisIDAC presented in Song at al (In: Nguyen, P.Q., Zhou, J. (eds.) Information Security—20th International Conference, ISC 2017, Security and Cryptology, vol. 10599. Springer International Publishing, 2017), which is a 3-D real-time visualization of security event log collection detected by intrusion detection systems installed in multiple networks. VisIDAC consists of three parallel plane-squares which represent global source networks, target networks, and global destination networks. Security events are displayed in different shapes, colors and spaces, according to their main features. It helps security operators to immediately understand the key properties of security events. We also apply VisIDAC to a public cyber security operations center, Science and Technology Cyber Security Center (ST whether they are inbound or outbound traffic; whether they are momentary or continuous; and what protocol and port number are mainly used.