Monitoring large IP spaces with ClockView

Files
Keim_Monitoring.pdf (Size: 5.84 MB, Downloads: 764)
Date
2011
Open Access publication
Open Access Green
Publication type
Contribution to a conference proceedings
Publication status
Published
Published in
Proceedings of the 8th International Symposium on Visualization for Cyber Security - VizSec '11. New York, New York, USA: ACM Press, 2011, pp. 1-10. ISBN 978-1-4503-0679-9. Available under: doi: 10.1145/2016904.2016906
Abstract

The growing amounts of hosts that are placed into the networks represent an enormous challenge to most network administrators who have to monitor these hosts conscientiously. While automatically monitoring the network for slow or failing components has become common practice, defining an acceptable state of the system is only possible to a very limited extent and thus exploratory analysis tasks by real human analysts complement the analysis process. However, this is a problem of scale since it is infeasible to manually inspect thousands of hosts without proper visual support for the tasks of gaining an overview, focusing and retrieving details on demand. In this paper we present a design study to enable visual support for monitoring large IP spaces. In particular, the presented system features 1) a scalable glyph representation in the style of a clock for giving an overview of the activity over time of thousands of hosts in the network, 2) subnet and port views for focusing the analysis to a particular subset of the data and 3) detailed pixel matrix visualizations for interpreting concrete traffic patterns. Furthermore, the tool's feedback loop, which is implemented through interaction capabilities, allows for retrieving new details, refocusing and enhancing of the overview.

Subject (DDC)
004 Computer science
Keywords
Network security, pattern detection
Conference
the 8th International Symposium, 20 July 2011 - 20 July 2011, Pittsburgh, Pennsylvania
Cite
ISO 690
KINTZEL, Christopher, Johannes FUCHS, Florian MANSMANN, 2011. Monitoring large IP spaces with ClockView. the 8th International Symposium. Pittsburgh, Pennsylvania, 20 July 2011 - 20 July 2011. In: Proceedings of the 8th International Symposium on Visualization for Cyber Security - VizSec '11. New York, New York, USA: ACM Press, 2011, pp. 1-10. ISBN 978-1-4503-0679-9. Available under: doi: 10.1145/2016904.2016906
BibTeX
@inproceedings{Kintzel2011Monit-18654,
  year={2011},
  doi={10.1145/2016904.2016906},
  title={Monitoring large IP spaces with ClockView},
  isbn={978-1-4503-0679-9},
  publisher={ACM Press},
  address={New York, New York, USA},
  booktitle={Proceedings of the 8th International Symposium on Visualization for Cyber Security - VizSec '11},
  pages={1--10},
  author={Kintzel, Christopher and Fuchs, Johannes and Mansmann, Florian}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/18654">
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/18654"/>
    <dc:contributor>Kintzel, Christopher</dc:contributor>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dcterms:bibliographicCitation>First publ. in: VizSec '11 2011 International Symposium on Visualization for Cyber Security : Pittsburgh, PA, USA — July 20 - 20, 2011. -  ACM : New York, NY, 2011. - Article No. 2. - ISBN: 978-1-4503-0679-9</dcterms:bibliographicCitation>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2012-03-20T09:55:47Z</dcterms:available>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <dc:rights>terms-of-use</dc:rights>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2012-03-20T09:55:47Z</dc:date>
    <dcterms:abstract xml:lang="eng">The growing amounts of hosts that are placed into the networks represent an enormous challenge to most network administrators who have to monitor these hosts conscientiously. While automatically monitoring the network for slow or failing components has become common practice, defining an acceptable state of the system is only possible to a very limited extent and thus exploratory analysis tasks by real human analysts complement the analysis process. However, this is a problem of scale since it is infeasible to manually inspect thousands of hosts without proper visual support for the tasks of gaining an overview, focusing and retrieving details on demand. In this paper we present a design study to enable visual support for monitoring large IP spaces. In particular, the presented system features 1) a scalable glyph representation in the style of a clock for giving an overview of the activity over time of thousands of hosts in the network, 2) subnet and port views for focusing the analysis to a particular subset of the data and 3) detailed pixel matrix visualizations for interpreting concrete traffic patterns. Furthermore, the tool's feedback loop, which is implemented through interaction capabilities, allows for retrieving new details, refocusing and enhancing of the overview.</dcterms:abstract>
    <dc:contributor>Fuchs, Johannes</dc:contributor>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dcterms:title>Monitoring large IP spaces with ClockView</dcterms:title>
    <dcterms:issued>2011</dcterms:issued>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/18654/2/Keim_Monitoring.pdf"/>
    <dc:creator>Fuchs, Johannes</dc:creator>
    <dc:creator>Kintzel, Christopher</dc:creator>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/18654/2/Keim_Monitoring.pdf"/>
    <dc:language>eng</dc:language>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
  </rdf:Description>
</rdf:RDF>
University bibliography
Yes