The design of VisflowConnect-IP: A link analysis system for IP security situational awareness

Proceedings - 3rd IEEE International Workshop on Information Assurance, IWIA 2005

Volumn , Issue , 2005, Pages 141-153

  Yin, Xiaoxin ^a   Yurcik, William ^a   Slagell, Adam ^a  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

Link analysis; NetFlow; Security situational awareness; Security visualization

Indexed keywords

DATA VISUALIZATION; DESIGN; DYNAMICS; INTERNET PROTOCOLS; NETWORK ARCHITECTURE; NETWORK SECURITY; VISUALIZATION;

ANALYSIS SYSTEM; COMPLEX TEMPORAL RELATIONSHIPS; DESIGN DECISIONS; IP SECURITY; LARGE DATA VOLUMES; LINK ANALYSIS; NETFLOWS; SECURITY SITUATIONAL AWARENESS; SECURITY VISUALIZATION; TRAFFIC DYNAMICS;

COMPLEX NETWORKS;

EID: 84899508937     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (30)

1. C. Abad, Y. Li, K. Lakkaraju, X. Yin, W. Yurcik. Correlation Between NetFlow System and Network Views for Intrusion Detection. Workshop on Link Analysis, Counter-terrorism, and Privacy held in conjunction with SDM 2004, 2004.
2. C. Abad, J. Taylor, C. Sengul, W. Yurcik, Y. Zhou, K. Rowe. Log Correlation for Intrusion Detection: A Proof of Concept. Annual Computer Security Applications Conf. (AC-SAC), 2003.
3. S. Axelsson. Visualisation for Intrusion Detection - Hooking the Worm. Eighth European Symposium on Research in Computer Security (ESORICS), Lecture Notes in Computer Science (LNCS) 2808, Springer, 2003.
4. R. Ball, G. A. Fink, C. North. Home-Centric Visualization of Network Traffic for Security Administration. CCS Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), 2004.
5. R. Bearavolu, K. Lakkaraju, W. Yurcik, H. Raje. A Visualization Tool for Situational Awareness of Tactical and Strategic Security Events on Large and Complex Computer Networks. IEEE Milcom, 2003.
6. R. Becker, S. Eick, A. Wilks. Visualizing network data. Readings in Information Visualization: Using Vision to Think, 1999.
7. T. Bray. Measuring the Web. Readings in Information Visualization: Using Vision to Think, 1999.
8. G. Conti, K. Abdullah. Passive Visual Fingerprinting of Network Attack Tools. CCS Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), 2004.
9. K. Cox, S. Eick, T. He. 3D Geographic Network Displays. ACM SIGMOD Record, 25(4):50-54, 1996.
10. F. Cuppens, A. Miege. Alert Correlation in a Cooperative Intrusion Detection Framework. IEEE Symp. on Security and Privacy, 2002.
11. C. Davidson. What Your Database Hides Away. New Scientist, 1993.
12. H. Debar, A. Wespi. Aggregation and Correlation of Intrusion Detection Alerts. RAID, 2001.
13. M. Dodge, R. Kitchin. Atlas of Cyberspace. Addison-Wesley, 2001.
14. S. Eick, G. Wills. Navigating Large Networks with Hierarchies. IEEE Visualization, 1993.
15. R. Erbacher, K. Walker, D. Frincke. Intrusion and Misuse Detection in Large-Scale Systems. IEEE Comp. Graphics and Applications, 22(1):38-48, 2002.
16. R. Henning, K. Fox. The Network Vulnerability Tool (NVT) - A System Vulnerability Visualization Architecture. NISSC, 2000.
17. C. Krugel, T. Toth, C. Kerer. Decentralized Event Correlation for Intrusion Detection. Intl. Conf. on Info. Sec. and Cryptology (ICISC), 2001.
18. C. Krugel, T. Toth, E. Kirda. Service Specific Anomaly Detection for Network Intrusion Detection. ACM Sym. on Applied Computing, 2002.
19. K. Lakkaraju, W. Yurcik, A. J. Lee, R. Bearavolu, Y. Li, X. Yin. NVisionIP: NetFlow Visualizations of System State for Security Situational Awareness” CCS Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), 2004.
20. W. Lee, D. Xiang. Information-Theoretic Measures for Anomaly Detection. IEEE Sym. on Sec. and Privacy, 2001.
21. W. Lee, S. J. Stolfo, K. W. Mok. A Data Mining Framework for Building Intrusion Detection Models. IEEE Sym. on Sec. and Privacy, 1999.
22. S. T. Teoh et al. Elisha: a Visual-based Anomaly Detection System. RAID, 2002.
23. S. T. Teoh, K. Ma, S. F. Wu. A Visual Exploration Process for the Analysis of Internet Routing Data. IEEE Visualization, 2003.
24. S. T. Teoh, K. Ma, S. F. Wu, X. Zhao. Case Study: Internet Visualization for Internet Security. IEEE Visualization, 2002.
25. S. T. Teoh, K. Zhang, S. Tseng, K. Ma, S. F. Wu. Combining Visual and Automated Data Mining for Near-Real-Time Anomaly Detection and Analysis in BGP. CCS Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC), 2004.
26. A. Valdes, K. Skinner. Probabilistic Alert Correlation. RAID, 2001.
27. X. Yin, K. Lakkaraju, Y. Li, W. Yurcik. Selecting Log Data Sources to Correlate Attack Traces for Computer Network Security: Preliminary Results. 11th Intl. Conf. on Telecom. Systems, 2003.
28. X. Yin, W. Yurcik, Y. Li, K. Lakkaraju, C. Abad. VisFlowConnect: Providing Security Situational Awareness by Visualizing Network Traffic Flows. Workshop on Information Assurance (WIA 04) held in conjunction with IPCCC 2004, 2004.
29. X. Yin, W. Yurcik, M. Treaster, Y. Li, K. Lakkaraju. VisFlowConnect: NetFlow Visualization of Link Relationships for Security Situational Awareness. VizSEC/DMSEC, 2004.
30. W. Yurcik, J. Barlow, K. Lakkaraju, M. Haberman. Two Visual Computer Network Security Monitoring Tools Incorporating Operator Interface Requirements. ACM CHI Workshop on Human-Computer Interaction and Security Systems (HCISEC), 2003.