Open challenges in visual analytics for security information and event management
Keywords:
visual analytics, security information and event management, visual data correlation, visual validation of analysis models, matrix-based data visualization
Abstract
Introduction: Visual analytics techniques support efficient analysis of the ever-growing amounts of data generated by security
sensors and facilitate a timely and reasonable response to the threats. Modern security information and event management systems
propose various solutions for processing large data streams and integrating heterogeneous sources which can be used as a framework to construct a visual analytics system for security tasks. Purpose: The analysis of visual analytics techniques implemented in security
information and event management systems and designed to support the studies on security incidents in the context of the main visual
analytics problems, including the validation of automatic analysis models. Results: A contradiction has been detected between the
capabilities of security information and event management systems in the visual analysis of security data and the implementation of
these capabilities. Techniques for visual correlation of the data from different security sensors and for visual validation of automatic
analysis models, which would allow an analyst to evaluate their accuracy and adaptability to changes in the data streams, are almost entirely absent.
A possible way to resolve this contradiction is using techniques which support a flexible mechanism for adjusting the analyzed
attributes of the network device events. The article presents the main approaches to the development of such techniques, discussing
their advantages and disadvantages. We propose a dashboard for monitoring the behavior of an automated network traffic analysis
model used in a cloud computing infrastructure. The dashboard makes it possible to monitor the analysis model behavior, perform a visual correlation of
the analyzed parameters, and track changes in the network flows. Practical relevance: The results of the research can be used when
designing security visual analytics tools for monitoring data flows and the behavior of automated analysis models.
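The kind of backend such a dashboard needs, as an added illustration that is not the authors' implementation: per-window model accuracy (validation against the stream), a pairwise correlation matrix over an attribute set chosen at runtime (the "flexible mechanism for adjusting the analyzed attributes"), and a drift flag when accuracy falls. The flow record fields and the sample records are constructed assumptions.

```python
"""Stream-side backend for a model-monitoring dashboard (example code added
here, not from the article): per-window accuracy of an automated flow
classifier, a matrix of attribute correlations that a matrix view would
render, and a drift flag when accuracy degrades."""
from itertools import combinations
from math import sqrt
from statistics import mean

# Constructed sample: flow records with the model's verdict and the analyst's
# ground truth (1 = malicious). Window 1 is benign-heavy and classified
# correctly; window 2 brings a burst of tiny, very short flows the model misses.
FLOWS = [
    {"bytes": 1200, "packets": 10, "duration": 2.0, "model": 0, "truth": 0},
    {"bytes": 800, "packets": 6, "duration": 1.5, "model": 0, "truth": 0},
    {"bytes": 50000, "packets": 400, "duration": 30.0, "model": 0, "truth": 0},
    {"bytes": 300, "packets": 3, "duration": 0.5, "model": 1, "truth": 1},
    {"bytes": 60, "packets": 1, "duration": 0.01, "model": 0, "truth": 1},
    {"bytes": 70, "packets": 1, "duration": 0.01, "model": 0, "truth": 1},
    {"bytes": 2000, "packets": 15, "duration": 3.0, "model": 0, "truth": 0},
    {"bytes": 65, "packets": 1, "duration": 0.02, "model": 1, "truth": 1},
]

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant in the window."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sqrt(sum((x - mx) ** 2 for x in xs))
    vy = sqrt(sum((y - my) ** 2 for y in ys))
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy)

def window_report(flows, attributes):
    """Model accuracy on this window plus a symmetric correlation matrix over
    the attributes the analyst selected (the cells a matrix view would draw)."""
    accuracy = mean(1.0 if f["model"] == f["truth"] else 0.0 for f in flows)
    matrix = {a: {b: 1.0 for b in attributes} for a in attributes}
    for a, b in combinations(attributes, 2):
        r = pearson([f[a] for f in flows], [f[b] for f in flows])
        matrix[a][b] = matrix[b][a] = round(r, 3)
    return {"accuracy": round(accuracy, 3), "matrix": matrix}

def monitor(flows, attributes, window=4, drop=0.25):
    """Cut the stream into fixed windows and flag those whose accuracy falls
    more than `drop` below the first window, i.e. the model is not adapting."""
    reports = [window_report(flows[i:i + window], attributes)
               for i in range(0, len(flows), window)]
    base = reports[0]["accuracy"]
    for r in reports:
        r["drift"] = base - r["accuracy"] > drop
    return reports
```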