ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
NVisionIP: netflow visualizations of system state for security situational awareness
Full text PdfPdf (694 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security table of contents
Washington DC, USA
SESSION: VizSEC state analysis session table of contents
Pages: 65 - 72  
Year of Publication: 2004
ISBN:1-58113-974-8
Authors
Kiran Lakkaraju  University of Illinois at Urbana-Champaign, Champaign, IL
William Yurcik  University of Illinois at Urbana-Champaign, Champaign, IL
Adam J. Lee  University of Illinois at Urbana-Champaign, Champaign, IL
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 29,   Downloads (12 Months): 158,   Citation Count: 15
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1029208.1029219
What is a DOI?

ABSTRACT

The number of attacks against large computer systems is currently growing at a rapid pace. Despite the best efforts of security analysts, large organizations are having trouble keeping on top of the current state of their networks. In this paper, we describe a tool called NVisionIP that is designed to increase the security analyst's situational awareness. As humans are inherently visual beings, NVisionIP uses a graphical representation of a class-B network to allow analysts to quickly visualize the current state of their network. We present an overview of NVisionIP along with a discussion of various types of security-related scenarios that it can be used to detect.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Argus -- metrics. Web Page, Mar. 2001. h http://www.qosient.com/argus/metrics.htm i.
 
2
Ratna Bearavolu, Kiran Lakkaraju, William Yurcik, and Hrishikesh Raje. A visualization tool for situational awareness of tactical and strategic security events on large and complex computer networks. In IEEE Military Communications Conference (Milcom), 2003.
 
3
CERT/CC Statistics 1988--2003, Jan. 2004. h http://www.cert.org/stats/i. (Jun. 2004).
 
4
Martin Dodge and Rob Kitchin. Atlas of Cyberspace. Addison Wesley, Harlow, England, 2001.
 
5
Jana Dunn. Security applications for cisco net ow data. Technical report, SANS, Jul. 2001. h http: //www.sans.org/rr/papers/index.php?id=778 i.
 
6
Robert F. Erbacher and Deborah Frincke. Visual behavior characterization for intrusion and misuse detection. In SPIE '2001 Conference on Visual Data Exploration and Analysis VIII, pages 210--218, Jan. 2001.
 
7
Robert F. Erbacher, Kenneth L. Walker, and Deborah A. Frincke. Intrusion and misuse detection in large-scale systems. Computer Graphics and Applications, 22(1):38--48, Jan.--Feb. 2002.
 
8
Steve Romig, The OSU Flow-tools Package and CISCO NetFlow Logs, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
9
NCSA Automated Learning Group. D2K Toolkit User Manual. National Center for Supercomputing Applications, Apr. 2003. h http: //algdocs.ncsa.uiuc.edu/TU-20030425-1.pdf i .
10
Gene H. Kim , Eugene H. Spafford, The design and implementation of tripwire: a file system integrity checker, Proceedings of the 2nd ACM Conference on Computer and communications security, p.18-29, November 1994, Fairfax, Virginia, United States  [doi>10.1145/191177.191183]
11
Samuel T. King , Peter M. Chen, Backtracking intrusions, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
12
Kiran Lakkaraju, Ratna Bearavolu, and William Yurcik. Nvisionip -- a traffic visualization tool for security analysis of large and complex networks. In International Multiconference on Measurement, Modelling, and Evaluation of Computer-Communications Systems Performance TOOLS, 2003.
 
13
Kiran Lakkaraju, William Yurcik, Ratna Bearavolu, and Adam J. Lee. NVisionIP: An Interactive Network Flow Visualization Tool for Security. In IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2004.
14
Stephen Lau, The Spinning Cube of Potential Doom, Communications of the ACM, v.47 n.6, June 2004  [doi>10.1145/990680.990699]
 
15
Bill Nickless, Combining Cisco NetFlow Exports with Relational Database Technology for Usage Statistics, Intrusion Detection, and Network Forensics, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
16
The network simulator -- ns--2. Web Page, May 2004. h http://www.isi.edu/nsnam/ns/ i .
 
17
OPNET Technologies, Inc. Web Page, Jun. 2004. h http://www.opnet.com i .
 
18
Adam G. Pennington, John D. Strunk, John Linwood, Griffin, Craig A.N. Soules, Garth R. Goodson, and Gregory R. Ganger. Storage-based intrusion detection: Watching storage activity for suspicious behavior. In USENIX Security Symposium 2003, 2003. h http: //www.pdl.cmu.edu/PDL-FTP/Secure/usenix03.pdf i .
 
19
Dave Plonka, FlowScan: A Network Traffic Flow Reporting and Visualization Tool, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
20
Secure decisions. Web Page, Jun. 2004. h http://www.securedecisions.com/ i .
21
Ben Shneiderman, Tree visualization with tree-maps: 2-d space-filling approach, ACM Transactions on Graphics (TOG), v.11 n.1, p.92-99, Jan. 1992  [doi>10.1145/102377.115768]
 
22
Security incident fusion toolkit SIFT, Jun.
 
23
CERT Advisory CA-2003-04 MS-SQL Server Worm. Web Page, Jan. 2003. h http: //www.cert.org/advisories/CA-2003-04.html i .
 
24
Snort: The open source network intrusion detection system. Web Page, Jun. 2004. h http://www.snort.org i .
 
25
Security threat manager. Web Page, Jun. 2004. h http://www.open.com/products/threatmanager/ threatmanager.shtml% i .
 
26
Soon Tee Teoh , Kwan Liu Ma , S. Felix Wu , Xiaoliang Zhao, Case study: interactive visualization for internet security, Proceedings of the conference on Visualization '02, October 27-November 01, 2002, Boston, Massachusetts
 
27
Edward R. Tufte, The visual display of quantitative information, Graphics Press, Cheshire, CT, 1986
 
28
United States Department of Homeland Security. Team Coordination Training, Student Guide, May 2004. h http://www.cgaux.info/g_ocx/training/tct/ i .
 
29
Xiaoxin Yin, William Yurcik, Yifan Li, Kiran Lakkaraju, and Cristina Abad. Vis owconnect: Providing security situational awareness by visualizing network traffic ows. In Workshop on Information Assurance (WIA04) held in conjunction with the 23rd IEEE International Performance Computing and Communications Conference (IPCCC), 2004.
 
30
William Yurcik, James Barlow, Kiran Lakkaraju, and Mike Haberman. Two visual computer network security monitoring tools incorporating operator interface. In ACM CHI Workshop on Human-Computer Interaction and Security Systems (HCISEC), 2003.
 
31
William Yurcik, Kiran Lakkaraju, James Barlow, and Jeff Rosendale. A prototype tool for visual data mining of network traffic for intrusion detection. In 3rd IEEE International Conference on Data Mining (ICDM) Workshop on Data Mining for Computer Security (DMSEC), 2003.

CITED BY  15
Pin Ren, Ensuring the continuing success of vizsec, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
William Yurcik, Tool update: NVisionIP improvements (difference view, sparklines, and shapes), Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
 
William Yurcik, Visualizing NetFlows for security at line speed: the SIFT tool suite, Proceedings of the 19th conference on Large Installation System Administration Conference, p.16-16, December 04-09, 2005, San Diego, CA
Charles V. Wright , Fabian Monrose , Gerald M. Masson, Using visual motifs to classify encrypted traffic, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
Patrick Hertzog, Visualizations to improve reactivity towards security incidents inside corporate networks, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
Neal Patwari , Alfred O. Hero, III , Adam Pacholski, Manifold learning visualization of network traffic data, Proceeding of the 2005 ACM SIGCOMM workshop on Mining network data, August 26-26, 2005, Philadelphia, Pennsylvania, USA
Asaf Shabtai , Denis Klimov , Yuval Shahar , Yuval Elovici, An intelligent, interactive tool for exploration and visualization of time-oriented security data, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
Doantam Phan , Andreas Paepcke , Terry Winograd, Progressive multiples for communication-minded visualization, Proceedings of Graphics Interface 2007, May 28-30, 2007, Montreal, Canada
Ramona Su Thompson , Esa M. Rantanen , William Yurcik , Brian P. Bailey, Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA
Xiaoxin Yin , William Yurcik , Michael Treaster , Yifan Li , Kiran Lakkaraju, VisFlowConnect: netflow visualizations of link relationships for security situational awareness, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA
 
Evan Hughes , Anil Somayaji, Towards network awareness, Proceedings of the 19th conference on Large Installation System Administration Conference, p.12-12, December 04-09, 2005, San Diego, CA
Weichao Wang , Aidong Lu, Visualization assisted detection of sybil attacks in wireless networks, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA
Kurt Stockinger , E. Wes Bethel , Scott Campbell , Eli Dart , Kesheng Wu, Imaging and visual analysis---Detecting distributed scans using high-performance query-driven visualization, Proceedings of the 2006 ACM/IEEE conference on Supercomputing, November 11-17, 2006, Tampa, Florida
Weichao Wang , Aidong Lu, Interactive wormhole detection and evaluation, Information Visualization, v.6 n.1, p.3-17, March 2007
Warren Harrop , Grenville Armitage, Real-time collaborative network monitoring and control using 3D game engines for representation and interaction, Proceedings of the 3rd international workshop on Visualization for computer security, November 03-03, 2006, Alexandria, Virginia, USA

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Invasive software (e.g., viruses, worms, Trojan horses)


General Terms:
Human Factors, Management, Security


Keywords:
NetFlows, security system state, security visualization, situational awareness

Collaborative Colleagues:
Kiran Lakkaraju: colleagues
William Yurcik: colleagues
Adam J. Lee: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player