Publication:

Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations

Files

mansmann_visual_support.pdf (Size: 4.01 MB, Downloads: 853)

Date

2009

Open access publication
Open Access Green
Publication type
Contribution to conference proceedings
Publication status
Published

Published in

Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590

Abstract

Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information, and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs, that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.

Subject area (DDC)
004 Computer science

Conference

the Symposium, 7. Nov. 2009 - 8. Nov. 2009, Baltimore, Maryland

Cite

ISO 690
MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephen C. NORTH, 2009. Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations. the Symposium. Baltimore, Maryland, 7. Nov. 2009 - 8. Nov. 2009. In: Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590
BibTex
@inproceedings{Mansmann2009Visua-14805,
  year={2009},
  doi={10.1145/1641587.1641590},
  title={Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations},
  isbn={978-1-60558-572-7},
  publisher={ACM Press},
  address={New York, New York, USA},
  booktitle={Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09},
  pages={19--28},
  author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and North, Stephen C.}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/14805">
    <dcterms:issued>2009</dcterms:issued>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dc:language>eng</dc:language>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:title>Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations</dcterms:title>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dcterms:available>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:creator>North, Stephen C.</dc:creator>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:abstract xml:lang="eng">Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information, and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs, that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.</dcterms:abstract>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dc:date>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:contributor>North, Stephen C.</dc:contributor>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:bibliographicCitation>First publ. in: ACM Symposium on Computer-Human Interaction for Management of Information Technology 2009, (CHIMIT 09) : Baltimore, Maryland, USA, 7 - 8 November 2009 / [by the Association for Computing Machinery, ACM. Conference chairs: Eben Haber (...). - Red Hook, NY : Curran, 2010. - pp. 19-28. - ISBN 978-1-617-38128-7</dcterms:bibliographicCitation>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/14805"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
  </rdf:Description>
</rdf:RDF>

University bibliography
Yes