Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations

CHIMIT 09 - Symposium on Computer-Human Interaction for Management of Information Technology

Volumn , Issue , 2009, Pages 19-28

  Mansmann, Florian ^a   Fischer, Fabian ^a   Keim, Daniel A ^a   North, Stephen C ^b  

^a UNIVERSITY OF KONSTANZ   (Germany)

^b AT AND T LABS RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMMUNICATION PATTERN; DISTRIBUTED ATTACK; FLOW DATA; FORCE-DIRECTED LAYOUT; GRAPH REPRESENTATION; INTRUSION DETECTION SYSTEMS; LOCAL NETWORKS; MALICIOUS ACTIVITIES; MANAGED NETWORKS; NETWORK TRAFFIC; SERVICE USAGE; SUPPORT ANALYSIS; TREEMAP; TREEMAP VISUALIZATION; VISUAL REPRESENTATIONS;

COMPUTER CRIME; DATA VISUALIZATION; HUMAN COMPUTER INTERACTION; INFORMATION TECHNOLOGY; INTERACTIVE COMPUTER SYSTEMS; NETWORK SECURITY;

INTRUSION DETECTION;

EID: 74049124161     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1641587.1641590     Document Type: Conference Paper

References (23)

1. R. Ball, G. Fink, and C. North. Home-centric visualization of network traffic for security administration. Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pages 55-64, 2004.
2. C. Cranor, T. Johnson, O. Spataschek, and V. Shkapenyuk. Gigascope: a stream database for network applications. Proceedings of the 2003 ACM SIGMOD international conference on Management of data, pages 647-651, 2003.
3. J. Ellson, E. Gansner, L. Koutsofios, S. North, and G. Woodhull. Graphviz-Open Source Graph Drawing Tools. Lecture Notes in Computer Science, pages 483-484, 2002.
4. S. Foresti, J. Agutter, Y. Livnat, and S. Moon. Visual correlation of network alerts. IEEE Computer Graphics and Applications, 26(2):48-59, 2006.
5. J. R. Goodall, W. G. Lutters, P. Rheingans, and A. Komlodi. Preserving the Big Picture: Visual Network Trafffic Analysis with TNV. In VIZSEC '05: Proceedings of the IEEE Workshops on Visualization for Computer Security, Washington, DC, USA, 2005. IEEE Computer Society.
6. R. Greer. Daytona and the fourth-generation language Cymbal. Proceedings of the 1999 ACM SIGMOD international conference on Management of data, pages 525-526, 1999.
7. G. Gu, R. Perdisci, J. Zhang, and W. Lee. Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In USENIX Security Symposium, pages 139-154, 2008.
8. J. Heer, S. Card, and J. Landay. prefuse: a toolkit for interactive information visualization. In Proceedings of the SIGCHI conference on Human factors in computing systems, pages 421-430. ACM New York, NY, USA, 2005.
9. D. Holten. Hierarchical Edge Bundles: Visualization of Adjacency Relations in Hierarchical Data. IEEE Trans. Vis. Comput. Graph., 12(5):741-748, 2006.
10. T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. C. Freiling. Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. In LEET, 2008.
11. B. Huffaker, E. Nemeth, and K. Claffy. Otter: A general-purpose network visualization tool. In Proc. INET 99, 1999.
12. H. Koike, H. Koike, K. Ohno, and K. Koizumi. Visualizing cyber attacks using IP matrix. In K. Ohno, editor, Proc. IEEE Workshop on Visualization for Computer Security (VizSEC 05), pages 91-98, 2005.
13. K. Lakkaraju, R. Bearavolu, A. Slagell, W. Yurcik, and S. North. Closing-the-Loop in NVisionIP: Integrating Discovery and Search in Security Visualizations. In Visualization for Computer Security, IEEE Workshops on, pages 9-9, 26 Oct. 2005.
14. F. Mansmann, F. Fischer, D. A. Keim, and S. C. North. Visualizing large-scale IP traffic flows. In Proceedings of 12th International Workshop Vision, Modeling, and Visualization, November 2007. Saarbrücken, Germany.
15. F. Mansmann, D. Keim, S. North, B. Rexroad, and D. Sheleheda. Visual Analysis of Network Traffic for Resource Planning, Interactive Monitoring, and Interpretation of Security Threats. IEEE Trans. Vis. Comput. Graph., pages 1105-1112, 2007.
16. NfSen - Netow Sensor. A graphical web based front end for the nfdump netow tools, 2007. http://nfsen.sourceforge.net/.
17. A. Oslebo. Stager A Web Based Application for Presenting Network Statistics. In Network Operations and Management Symposium, 2006. NOMS 2006. 10th IEEE/IFIP, pages 1-15, 2006.
18. T. Peng, C. Leckie, and K. Ramamohanarao. Survey of network-based defense mechanisms countering the dos and ddos problems. ACM Comput. Surv., 39(1):3, 2007.
19. M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis. A multifaceted approach to understanding the botnet phenomenon. In Internet Measurement Conference, pages 41-52, 2006.
20. N. Robison and J. Scaparra. Interactive network active-traffic visualization. Technical report, Texas A&M University, 2007. http: //inav.scaparra.com/docs/whitePapers/INAV.pdf.
21. B. Shneiderman. Tree visualization with tree-maps: 2-d space-filling approach. ACM Trans. Graph., 11(1):92-99, 1992.
22. P. Wang, S. Sparks, and C. Zou. An advanced hybrid peer-to-peer botnet. IEEE Transactions on, pages 1-1, 2003.
23. J. Zhang, P. A. Porras, and J. Ullrich. Highly predictive blacklisting. In USENIX Security Symposium, pages 107-122, 2008.