Large-Scale Network Monitoring for Visual Analysis of Attacks

Fischer, Fabian; Mansmann, Florian; Keim, Daniel A.; Pietzko, Stephan; Waldvogel, Marcel

doi:10.1007/978-3-540-85933-8_11

Cited by 58 publications

(44 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…5. Analysis of a distributed network attack on the SSH service of a university network on May 11, 2008 using NFlowVis [7]. The circles on the outside represent hosts that attack the squared hosts in the internal network.…”

Section: Network Securitymentioning

confidence: 99%

“…By means of the Visual Analytics application NFlowVis [7] we demonstrate in this section how the combination of automatic and visual analysis can help security experts to more efficiently derive meaning out of the vast amount of security events and traffic data, which is a characteristic of the field. In particular, we use traffic patterns, which are common for signature-based intrusion detection systems and one day of network traffic statistics (NetFlows) from the main gateway of a medium sized university, which amounts to approximately 10 GB of raw data.…”

Section: Network Securitymentioning

confidence: 99%

See 1 more Smart Citation

Visual Analytics: Towards Intelligent Interactive Internet and Security Solutions

Davey

Mansmann

Kohlhammer

et al. 2012

The Future Internet

Self Cite

View full text Add to dashboard Cite

Abstract. In the Future Internet, Big Data can not only be found in the amount of traffic, logs or alerts of the network infrastructure, but also on the content side. While the term big data refers to the increase of the available data, this implicitly means that we must deal with problems at larger scale and thus hints at scalability issues in the analysis process of such data sets. Visual Analytics is an enabling technology, that offers new ways of extracting information from big data through intelligent, interactive internet and security solutions. It derives its effectiveness both from scalable analysis algorithms, that allow processing of large data sets, and from scalable visualizations. These visualizations take advantage of human background knowledge and pattern detection capabilities to find yet unknown patterns, to detect trends and to relate these findings to a holistic view on the problems. Besides discussing the origins of Visual Analytics, this paper presents concrete examples of how the two facets of content and infrastructure of the Future Internet can benefit from Visual Analytics. In conclusion, it is the confluence of both technologies that will open up new opportunities for businesses, e-governance and the public.

show abstract

Section: Network Securitymentioning

confidence: 99%

Section: Network Securitymentioning

confidence: 99%

Visual Analytics: Towards Intelligent Interactive Internet and Security Solutions

Davey

Mansmann

Kohlhammer

et al. 2012

The Future Internet

Self Cite

View full text Add to dashboard Cite

show abstract

“…Alsaleh et al [11] designed an open source system for intrusion detection and protection for PHP-based Web applications. At present, for the network security data visualization, many methods are used, such as matrix graph, tree diagram, folding map, map, thermal map, plane coordinate, three-dimensional graphics, scatter plot and radar map [12][13][14] . This article uses the graph database to visualize the event information to facilitate the forensic analysis of the event.…”

Section: Introductionmentioning

confidence: 99%

A Visualization Method Based on Graph Database in Security Logs Analysis

Tang¹,

Chunguang²,

Yu³

et al. 2017

2017 6th International Conference on Advanced Materials and Computer Science (ICAMCS 2017)

View full text Add to dashboard Cite

Abstract. Network security logs can provide evidence for forensic investigators. However, the network logs are facing the problems of high repetition rate, high false alarm rate, uniform format and so on, which make it difficult for forensic researchers to find useful information. In this paper, the association rules mining algorithm is used to analyze the network security logs, so as to eliminate the redundant data and to find the implied association between the logs data. Then the graph database is used to visualize the log information. Forensic analysts can obtain effective evidence by observing the graph database, which can improve the efficiency of the forensic analysts to discover the sensitive event information.

show abstract

“…Picviz [16] uses parallel coordinates to present relationships between multiple data dimensions like IP, port, packet number, TTL, and time. Treemaps [20] have been used to visualize hierarchical structures in network data, for example, in the NFlowVis system proposed by Fischer et al [3]. Scatterplots in PortVis and NVisionIP [8,10] highlight correlations between data dimensions.…”

Section: Introductionmentioning

confidence: 99%

Flexible web visualization for alert-based network security analytics

Hao

Healey

Hutchinson

2013

Proceedings of the Tenth Workshop on Visualization for Cyber Security

View full text Add to dashboard Cite

This paper describes a web-based visualization system designed for network security analysts at the U.S. Army Research Laboratory (ARL). Our goal is to provide visual support to the analysts as they investigate security alerts for malicious activity within their systems. Our ARL collaborators identified a number of important requirements for any candidate visualization system. These relate to the analyst's mental models and working environment, and to the visualization tool's configurability, accessibility, scalability, and "fit" with existing analysis strategies. To meet these requirements, we designed and implement a web-based tool that uses different types of charts as its core representation framework. A JavaScript charting library (RGraph) was extended to provide the interface flexibility and correlation capabilities needed to support analysts as they explore different hypotheses about a potential attack. We describe key elements of our design, explain how an analyst's intent is used to generate different visualizations, and show how the system's interface allows an analyst to rapidly produce a sequence of visualizations to explore specific details about a potential attack as they arise. We conclude with a discussion of plans to further improve the system, and to collect feedback from our ARL colleagues on its strengths and limitations in real-world analysis scenarios.

show abstract

Large-Scale Network Monitoring for Visual Analysis of Attacks

Cited by 58 publications

References 8 publications

Visual Analytics: Towards Intelligent Interactive Internet and Security Solutions

Visual Analytics: Towards Intelligent Interactive Internet and Security Solutions

A Visualization Method Based on Graph Database in Security Logs Analysis

Flexible web visualization for alert-based network security analytics

Contact Info

Product

Resources

About