Title
Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations
Abstract
Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.
Year: 2009
DOI: 10.1145/1641587.1641590
Venue: CHIMIT
Keywords: incomplete local picture, managed network, suspect external ips, external host, visual support, network traffic, network security, treemap visualization, graph representation, intrusion detection event, accurate assessment, ids log, automated intrusion detection systems, local network host, intrusion detection system, intrusion detection
Field: Data mining, Graph, Host-based intrusion detection system, Visualization, Computer science, Network security, Local area network, System administrator, Intrusion detection system, Graph (abstract data type)
DocType: Conference
Citations: 24
PageRank: 1.06
References: 18
Authors: 4
Name                Order   Citations   PageRank
Florian Mansmann    1       589         35.91
Fabian Fischer      2       199         12.94
Daniel A. Keim      3       7704        1141.60
Stephen C. North    4       1123        128.70