Name
Abstract | ||
|---|---|---|
Monitoring, anomaly detection and forensics are essential tasks that must be carried out routinely for every computer network. The sheer volume of data generated by conventional anomaly detection tools such as Snort often makes it difficult to explain the nature of an attack and track down its source. In this paper we present TVi, a tool that combines multiple visual representations of network traces carefully designed and tightly coupled to support different levels of visual-based querying and reasoning required for making sense of complex traffic data. TVi allows analysts to visualize data starting at a high level, providing information related to the entire network, and easily move all the way down to a very low level, providing detailed information about selected hosts, anomalies and attack paths. We designed TVi with scalability and extensibility in mind: its DBMS foundations make it scalable with virtually no limitations, and other state-of-the-art IDS, like Snort or Bro, can be easily integrated in our tool. We demonstrate with two case studies, a synthetic dataset (DARPA 1999) and a real one (University of Brescia, UniBS, 2009), how TVi can enhance a network administrator's ability to reveal hidden patterns in network traces and link their key information so as to easily reveal details that by merely observing Snort's output would go unnoticed. We make TVi's source code available to the community under an Open Source license. |
Year | DOI | Venue |
|---|---|---|
2011 | 10.1145/2016904.2016905 | VizSEC |
Keywords | Field | DocType |
key information,attack path,network administrator,conventional anomaly detection tool,complex traffic data,entire network,anomaly detection,detailed information,network monitoring,network trace,computer network,visual querying system,source code | Data mining,Anomaly detection,Source code,Computer security,Computer science,Network administrator,Network monitoring,Extensibility,License,Scalability | Conference |
Citations | PageRank | References |
15 | 0.74 | 21 |
Authors | ||
4 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Alberto Boschetti | 1 | 35 | 3.22 |
| Luca Salgarelli | 2 | 937 | 81.17 |
| Chris Muelder | 3 | 355 | 19.62 |
| Kwan-Liu Ma | 4 | 5145 | 334.46 |