Understanding the context of network traffic alerts

Cappers, Bram C.M.; Wijk, Jarke J. van

doi:10.1109/vizsec.2016.7739579

Cited by 19 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gove and Deason [13] introduced a flow visualization by integrating Discrete Fourier Transforms. Cappers and van Wijk [14] designed a composite visualization system by creating multiple visualizations, including heatmap, node-link diagram, and bar graphs. Xiao et al [15] considered upgrading a simple network visualization by adding domain knowledge to help users understand network patterns more clearly through the colored representation of network traffic data.…”

Section: Related Workmentioning

confidence: 99%

“…We also found that parallel coordinates and scatterplot visualizations are not broadly used due to the difficulty of handling massive network traffic data. Among the different visualization systems, two of them [14,18] are not clearly stated in the paper whether they are designed as web-based visualizations or not. Although visualization offers essential features for users to analyze network traffic data, many studies still have focused on presenting original network traffic data with simple visualization techniques [31,32].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Interactive Web-Based Visual Analysis on Network Traffic Data

et al. 2022

View full text Add to dashboard Cite

Network traffic data analysis is important for securing our computing environment and data. However, analyzing network traffic data requires tremendous effort because of the complexity of continuously changing network traffic patterns. To assist the user in better understanding and analyzing the network traffic data, an interactive web-based visualization system is designed using multiple coordinated views, supporting a rich set of user interactions. For advancing the capability of analyzing network traffic data, feature extraction is considered along with uncertainty quantification to help the user make precise analyses. The system allows the user to perform a continuous visual analysis by requesting incrementally new subsets of data with updated visual representation. Case studies have been performed to determine the effectiveness of the system. The results from the case studies support that the system is well designed to understand network traffic data by identifying abnormal network traffic patterns.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Interactive Web-Based Visual Analysis on Network Traffic Data

et al. 2022

View full text Add to dashboard Cite

show abstract

“…However, because of the tiny time interval when recording log files, the original Netflow log data are always cumbersome and redundant. Cappers et al proposed an alert-oriented method known as Contextual analyzed network traffic alerts to help users analyze network traffic [10]. Yoo [11] proposed LongLine to enable visual analytics of large-scale audit logs.…”

Section: A Analysis Of Network Log Filesmentioning

confidence: 99%

Owleyes: A Visual Analytics System for Functions and Connection Patterns of IPv4 Addresses in Networks

Yan

He²,

Liu

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Netflow log files commonly contain massive transfer records in tiny time interval, making analytical works complex and burdensome. By combining human cognition abilities with computerized techniques, visual analytics systems have become efficient tools for showing network states and locating abnormal behaviors. However, traditional visual analytics systems tend to be designed for solving certain problems and unable to synthesize various types of data sources. Despite recent advances in network security visualization, academia still starves for a proper solution to visualize IPv4 address behavior modes and IPv4 connection patterns within limited drawing space. Thus, we propose a visual analytics system called 'Owleyes' which reprocesses Netflow log data with simple statistical operations in basic dimensions and fulfills the aforementioned requirements with proper novel graphs such as 'sunburst-hive-plot graph' (SHG) and link-wheel graph (LW). The SHG provides a stable and comparable means of visualizing connection patterns efficiently in a limited drawing space. The LW represents the hourly connection counts of main ports in a specific IPv4 connection during one day. With the use case dealing with the ChinaVis 2016 Challenge I data, the efficiency and practicability of Owleyes are demonstrated. INDEX TERMS Visual analytics, network security, sunburst-hiveplot graph, link wheel graph, user-centric interaction. HAIBO HU received the master's degree in software engineering and the Ph.D. degree in computer science from Chongqing University, China, in 2004 and 2012, respectively. He is currently an Associate Professor with the School of Big Data and Software Engineering, Chongqing University. He is also a Research Associate with the Key Laboratory for Dependable Service Computing in Cyber Physical Society of the Ministry of Education, China. His current research interests include software engineering, pattern recognition, semantic web, and visual analytics.

show abstract

“…Various systems have been proposed to visualize DPI data for the detection of Advanced Persistent Threats [32]. Systems like WireShark [11], SNAPS [8], and CoNTA [9] already support the analysis of traffic at application level, but the provided search mechanisms and visualizations do not support the comparison and analysis of sequential patterns in network traffic. However, Camiña et al [7] showed that for the detection of for instance masquerade attacks, the analysis of sequential patterns is crucial.…”

Section: Deep Packet Inspectionmentioning

confidence: 99%

“…The way we group packets into sequences therefore determines the type of patterns that stand out. This is also referred to as context [9].…”

Section: Partition Strategiesmentioning

confidence: 99%

Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics

Cappers

Meessen

Etalle

et al. 2018

2018 IEEE Symposium on Visualization for Cyber Security (VizSec)

Self Cite

View full text Add to dashboard Cite

DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the "Taverne" license above, please follow below link for the End User Agreement:

show abstract

Understanding the context of network traffic alerts

Cited by 19 publications

References 30 publications

Interactive Web-Based Visual Analysis on Network Traffic Data

Interactive Web-Based Visual Analysis on Network Traffic Data

Owleyes: A Visual Analytics System for Functions and Connection Patterns of IPv4 Addresses in Networks

Eventpad: Rapid Malware Analysis and Reverse Engineering using Visual Analytics

Contact Info

Product

Resources

About