Home-centric visualization of network traffic for security administration

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Home-centric visualization of network traffic for security administration

Full text

Pdf (1.92 MB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security table of contents

Washington DC, USA

SESSION: VizSEC link analysis session table of contents

Pages: 55 - 64

Year of Publication: 2004

ISBN:1-58113-974-8

Authors

Robert Ball	Virginia Polytechnic Institute and State University
Glenn A. Fink	Virginia Polytechnic Institute and State University
Chris North	Virginia Polytechnic Institute and State University

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 18, Downloads (12 Months): 227, Citation Count: 8

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1029208.1029217 What is a DOI?

ABSTRACT

Today's system administrators, burdened by rapidly increasing network activity, must quickly perceive the security state of their networks, but they often have only text-based tools to work with. These tools often provide no overview to help users grasp the big-picture. Our interviews with administrators have revealed that they need visualization tools; thus, we present VISUAL (Visual Information Security Utility for Administration Live), a network security visualization tool that allows users to see communication patterns between their home (or internal) networks and external hosts. VISUAL is part of our Network Eye security visualization architecture, also described in this paper.

We have designed and tested a new computer security visualization that gives a quick overview of current and recent communication patterns in the monitored network to the users. Many tools can detect and show fan-out and fan-in, but VISUAL shows network events graphically, in context. Visualization helps users comprehend the intensity of network events more intuitively than text-based tools can. VISUAL provides insight for networks with up to 2,500 home hosts and 10,000 external hosts, shows the relative activity of hosts, displays them in a constant relative position, and reveals the ports and protocols used.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	B. Cheswick, H. Burch, and S. Branigan. Mapping and visualizing the internet. In Proceedings of the 2000 USENIX Annual Technical Conference, pages 1--12. USENIX Assoc., 2000.
	2	J. T. Cota. Implementacion de un monitor y analizador grafico de red en el entorno gnome, July 2001.
	3	R. F. Erbacher. Intrusion behavior detection through visualization. In Proceedings of IEEE International Conference on Systems, Man and Cybernetics, pages 2507--2513. IEEE, IEEE Computer Society, 2003.
	4	Cristian Estan , Stefan Savage , George Varghese, Automatically inferring patterns of resource consumption in network traffic, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany [doi>10.1145/863955.863972]
	5	Deborah Frincke, Balancing cooperation and risk in intrusion detection, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.1-29, Feb. 2000 [doi>10.1145/353323.353324]
	6	D. A. Frincke, D. Tobin, J. C. McConnell, J. Marconi, and D. Polla. A framework for cooperative intrusion detection. In Proc. 21st NIST-NCSC National Information Systems Security Conference, pages 361--373. NIST, 1998.
	7	Luc Girardin, An Eye on Network Intruder-Administrator Shootouts, Proceedings of the Workshop on Intrusion Detection and Network Monitoring, p.19-28, April 09-12, 1999
	8	Ivan Herman , Guy Melançon , M. Scott Marshall, Graph Visualization and Navigation in Information Visualization: A Survey, IEEE Transactions on Visualization and Computer Graphics, v.6 n.1, p.24-43, January 2000 [doi>10.1109/2945.841119 ]
	9	Daniel A. Keim, Designing Pixel-Oriented Visualization Techniques: Theory and Applications, IEEE Transactions on Visualization and Computer Graphics, v.6 n.1, p.59-78, January 2000 [doi>10.1109/2945.841121 ]
	10	Daniel A. Keim , Annemarie Herrmann, The Gridfit algorithm: an efficient and effective approach to visualizing large amounts of spatial data, Proceedings of the conference on Visualization '98, p.181-188, October 18-23, 1998, Research Triangle Park, North Carolina, United States
	11	Q. Li and C. North. Empirical comparison of dynamic query sliders and brushing histograms. In Proceedings of the IEEE Symposium on Information Visualization 2003, pages 147--153. IEEE Computer Society, 2003.
	12	Richard Lippmann , Joshua W. Haines , David J. Fried , Jonathan Korba , Kumar Das, The 1999 DARPA off-line intrusion detection evaluation, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.34 n.4, p.579-595, Oct. 2000 [doi>10.1016/S1389-1286(00)00139-0 ]
	13	D. McGuire. Study: Online crime costs rising, http://www.washingtonpost.com/wpdyn/articles/a53042-52004may53024.html, 2004.
	14	C. North, U. Farooq, and D. Akhter. Datawear: Revealing trends of dynamic data in visualizations. In LBHT Proc. IEEE Symposium on InfoVis 2001, pages 8--11. IEEE, IEEE computer Society, October 2001.
	15	Lucy Nowell , Elizabeth Hetzler , Ted Tanasse, Change Blindness in Information Visualization: A Case Study, Proceedings of the IEEE Symposium on Information Visualization 2001 (INFOVIS'01), p.15, October 22-23, 2001
	16	Kofi Nyarko , Tanya Capers , Craig Scott , Kemi Ladeji-Osias, Network Intrusion Visualization with NIVA, an Intrusion Detection Visual Analyzer with Haptic Integration, Proceedings of the 10th Symposium on Haptic Interfaces for Virtual Environment and Teleoperator Systems, p.277, March 24-25, 2002
	17	George Robertson , Mary Czerwinski , Kevin Larson , Daniel C. Robbins , David Thiel , Maarten van Dantzich, Data mountain: using spatial memory for document management, Proceedings of the 11th annual ACM symposium on User interface software and technology, p.153-162, November 01-04, 1998, San Francisco, California, United States [doi>10.1145/288392.288596]
	18	Ben Shneiderman, The Eyes Have It: A Task by Data Type Taxonomy for Information Visualizations, Proceedings of the 1996 IEEE Symposium on Visual Languages, p.336, September 03-06, 1996
	19	Tcpdump public repository, June 2004.
	20	Soon Tee Teoh , Kwan-Liu Ma , S. Felix Wu, A Visual Exploration Process for the Analysis of Internet Routing Data, Proceedings of the 14th IEEE Visualization 2003 (VIS'03), p.69, October 22-24, 2003 [doi>10.1109/VISUAL.2003.1250415]
	21	B. Tversky. Distortions in cognitive maps. Geoforum, 23(2):131--138, 1992.
	22	H. Venter and J. Eloff. A taxonomy for information security technologies. Computers and Security, 22:299--307, May 2003.
	23	C. Wickens, D. Sandry, and M. Vidulich. Compatibility and resource competition between modalities of input, central processing, and output. Human Factors, 25(2):227--248, 1983.

CITED BY 8

	Jean-Pierre van Riel , Barry Irwin, InetVis, a visual tool for network telescope traffic analysis, Proceedings of the 4th international conference on Computer graphics, virtual reality, visualisation and interaction in Africa, January 25-27, 2006, Cape Town, South Africa
	Erwan Le Malécot , Masayoshi Kohara , Yoshiaki Hori , Kouichi Sakurai, Interactively combining 2D and 3D visualization for network traffic monitoring, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
	Weichao Wang , Aidong Lu, Visualization assisted detection of sybil attacks in wireless networks, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
	Ramona Su Thompson , Esa M. Rantanen , William Yurcik , Brian P. Bailey, Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA
	Evan Hughes , Anil Somayaji, Towards network awareness, Proceedings of the 19th conference on Large Installation System Administration Conference, p.12-12, December 04-09, 2005, San Diego, CA
	Soon Tee Teoh , Supranamaya Ranjan , Antonio Nucci , Chen-Nee Chuah, BGP eye: a new visualization tool for real-time detection and analysis of BGP anomalies, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
	Warren Harrop , Grenville Armitage, Real-time collaborative network monitoring and control using 3D game engines for representation and interaction, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
	Weichao Wang , Aidong Lu, Interactive wormhole detection and evaluation, Information Visualization, v.6 n.1, p.3-17, March 2007