Visualizing security incidents in a computer network

US 6,906,709 B1
Filed: 02/26/2002
Issued: 06/14/2005
Est. Priority Date: 02/27/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of visualizing information about the security of a network, the method comprising:

providing a 3-D visualization tool for simulating 3-D space on a two dimensional display device, said tool for accessing a database which relationally associates security events with network elements, wherein said database includes;

temporal information reflecting a time at which each said security event occurred;

information relating to a first property of each network element; and

information relating to a second property of each network element;

wherein each said security event is associated with at least one of a plurality of categories of security events;

wherein said network elements are represented by geometric objects;

visually depicting at least some of said categories of security events in a first section of said simulated 3-D space;

wherein said first section of simulated 3-D space displays a first graph having a security event category axis and a temporal axis, each said displayed security event being visually indicated at a position on said graph corresponding to the category and time of the security event;

visually depicting at least some of said network elements in a second section of said simulated 3-D space;

wherein said second section of simulated 3-D space displays a second graph having an axis pertaining to said first property and an axis pertaining to said second property, said graphical objects representing said network elements being displayed on the graph at axes positions corresponding to the first and second properties thereof; and

displaying association lines in said 3-D simulated space between one or more displayed categories of security events and one or more displayed network elements;

wherein said association lines being drawn between said first graph and said second graph.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of visualizing the impact of security flaws or breaches in a network. A 3-D visualization tool that simulates 3-D space on a monitor interfaces with a security database which relationally associates security events with the network elements affected thereby. The security events are visually depicted in a first section of simulated 3-D space and the network elements are depicted in a second section of simulated 3-D space. Relationship lines are drawn between displayed categories of security events and the displayed network elements in order to aid an analyst to visualize the impact of security breaches on the organization. Various other properties of the network elements may also be displayed such as the role of the network device within the organization, and the business functions of the organization.

124 Citations

17 Claims

1. A method of visualizing information about the security of a network, the method comprising:
- providing a 3-D visualization tool for simulating 3-D space on a two dimensional display device, said tool for accessing a database which relationally associates security events with network elements, wherein said database includes;
  
  temporal information reflecting a time at which each said security event occurred;
  
  information relating to a first property of each network element; and
  
  information relating to a second property of each network element;
  
  wherein each said security event is associated with at least one of a plurality of categories of security events;
  
  wherein said network elements are represented by geometric objects;
  
  visually depicting at least some of said categories of security events in a first section of said simulated 3-D space;
  
  wherein said first section of simulated 3-D space displays a first graph having a security event category axis and a temporal axis, each said displayed security event being visually indicated at a position on said graph corresponding to the category and time of the security event;
  
  visually depicting at least some of said network elements in a second section of said simulated 3-D space;
  
  wherein said second section of simulated 3-D space displays a second graph having an axis pertaining to said first property and an axis pertaining to said second property, said graphical objects representing said network elements being displayed on the graph at axes positions corresponding to the first and second properties thereof; and
  
  displaying association lines in said 3-D simulated space between one or more displayed categories of security events and one or more displayed network elements;
  
  wherein said association lines being drawn between said first graph and said second graph.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein said association lines are drawn between positions of said first graph and said graphical objects representing said network elements.
  - 3. The method according to claim 2, wherein:
    - the first property is organizational role information for correlating each network element with a role in, or department of, the organization; and
      
      the second property is location information for indicating the physical location of each network element.
  - 4. The method according to claim 1, including drawing a trusted relationship line between a graphical object representing a first network element and a graphical object representing a second network element if the first network element can access data associated with the second network element.
  - 5. The method according to claim 1, including differentiating amongst various types of network elements by varying the visual attributes or screen positions of said graphical objects representing said network elements.
  - 6. The method according to claim 1, including displaying the frequency of security events at various positions in said first graph.
  - 7. The method according to claim 1, including:
    - storing in said database information about identities of attackers causing said security events;
      
      visually depicting said attackers as geometrical objects in a third section of said simulated 3-D space; and
      
      drawing association lines between said attackers and said security events.
  - 8. The method according to claim 1, wherein said categories of security events are selected from the following group of event types:
    - packet insertion, packet interception, application access, system file access, network access, denial of service, access permission, sniffing, security setup, impersonation, encryption, firewall.

9. A method of visualizing information about the security of a network, the method comprising:
- recording security events and the network elements affected thereby;
  
  associating each security event with at least one of a plurality of categories of security events;
  
  providing a 3-D visualization tool for simulating 3-D space on a two dimensional display device and using said tool;
  
  visually depicting at least some of the categories of security events in a first section of simulated 3-D space;
  
  visually depicting at least some of the network elements in a second section of simulated 3-D space;
  
  drawing association lines between one or more displayed categories of security events and one or more displayed network elements affected thereby recording a time at which each security event occurred;
  
  associating each network element with at least two properties;
  
  displaying in the first section of simulated 3-D space a first grid of cells, each cell being associated with a security event category and a temporal value, the security events being visually indicated by the cells of the first grid; and
  
  displaying in the second section of simulated 3-D space a second grid of cells, each cell being associated with an instance of the first property and an instance of the second property, wherein each displayed network element is represented by a geometric object disposed at a cell of the second grid that corresponds to the first and second properties of the network system;
  
  said association lines being drawn between cells of the first grid and cells of the second grid.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method according to claim 9, wherein the first property is an organizational role of the network element, and the second property is a physical location of the network element.
  - 11. The method according to claim 9, including drawing a trusted relationship line between a graphical object representing a first network element and a graphical object representing a second network element if the first element can access data associated with the second element.
  - 12. The method according to claim 9, including differentiating amongst various types of network elements by varying the visual attributes or screen positions of the respective geometric objects.
  - 13. The method according to claim 9, including displaying the frequency of security event at the cells of the first grid.
  - 14. The method according to claim 9, including:
    - recording identities of attackers causing the security events;
      
      visually depicting the attackers as geometrical objects in a third section of the simulated 3-D space; and
      
      drawing association lines between the attackers and the security events.

15. A method of visualizing information about the security of a network, the method comprising:
- recording security events and the network elements affected thereby;
  
  recording a time at which each security event occurred;
  
  associating each security event with at least one of a plurality of categories of security events;
  
  associating each network element with one or more additional properties;
  
  providing a 3-D visualization tool for simulating 3-D space on a two dimensional display device, and using said tool;
  
  displaying a first grid of cells in the simulated 3-D space, each cell being associated with a security event category and a temporal value, the security events being visually indicated by the cells of the first grid;
  
  displaying a second grid of cells in the simulated 3-D space, each cell being associated with at least one of said properties, wherein each displayed network element is represented by a geometric object disposed at a cell of the second grid that corresponds to the value of said at least one property; and
  
  drawing association lines between one or more displayed security events and one or more displayed network elements affected thereby.
- View Dependent Claims (16)
- - 16. The method according to claim 15, including:
    - recording identities of attackers causing the security events;
      
      visually depicting the attackers as geometrical objects in the simulated 3-D space; and
      
      drawing association lines between the attackers and the security events.

17. Software for visualizing information stored in a database about the security of a network, wherein said database records:
- security events and the network elements associated therewith, each security event being associated with at least one of a plurality of categories of security events, each network element being associated with at least one property; and
  
  a time at which each security event occurred;
  
  the software including code for;
  
  simulating 3-D space on a two dimensional display device;
  
  displaying a first grid of cells in the simulated 3-D space, each cell being associated with a security event category and a temporal value, the security events being visually indicated by the cells of the first grid;
  
  displaying a second grid of cells in the simulated 3-D space, each cell being associated with an instance of a said at least one property, wherein a geometric object representing a displayed network element is disposed at a corresponding cell of the second grid; and
  
  drawing association lines between one or more displayed security events and one or more displayed network elements associated therewith.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Applied Visions, Inc.
Original Assignee
Applied Visions, Inc.
Inventors
Larkin, Mark E., D'Amico, Anita D.
Primary Examiner(s)
Zimmerman, Mark
Assistant Examiner(s)
Pappas, Peter-Anthony

Application Number

US10/083,962
Time in Patent Office

1,204 Days
Field of Search

345/419
US Class Current

345/419
CPC Class Codes

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Visualizing security incidents in a computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

124 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Visualizing security incidents in a computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links