A dissertation submitted in partial fulfillment of the requirements for the award of master of science in data communications in the Faculty of Computing and Information Management at KCA University
Visualization of computer network security events is a very important method for detecting, responding to, and resolving security incidents. Recently there has been a lot of interest in network security visualization, which has led to the development of network security visualization tools in both the research and commercial domains. These tools utilise diverse visualization techniques to achieve their objective of providing awareness and insight into computer network security. While there are many network security visualization tools available in both domains, security administrators lack a mechanism that assists them in selecting the tools that would best meet their task-based network security requirements. This dissertation is a step towards assisting security administrators in selecting appropriate network security visualization tools, and in developing requirements for network security visualization if the existing tools do not meet such requirements. The dissertation analyses requirements from security administrators and utilises them in designing a framework to be used in selecting an appropriate application for a defined task. The dissertation evaluated sampled visualization tools and ranked them using the proposed network security visualization framework. The research presents important findings on network security visualization tools. It is evident from the research that security administrators rarely conduct any formal evaluation when selecting network security visualization tools. This has led to low adoption of such tools among security administrators and a mismatch between tools and tasks. Formal evaluation of network security visualization tools can go a long way towards ensuring that the applications in use by security administrators are always subjected to a formal evaluation, hence increasing adoption, testing and overall usage in managing computer network vulnerabilities.