Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations

dc.contributor.author: Mansmann, Florian
dc.contributor.author: Fischer, Fabian
dc.contributor.author: Keim, Daniel A.
dc.contributor.author: North, Stephen C.
dc.date.accessioned: 2011-12-07T08:12:30Z
dc.date.available: 2011-12-07T08:12:30Z
dc.date.issued: 2009
dc.description.abstract: Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.
dc.description.version: published
dc.identifier.citation: First publ. in: ACM Symposium on Computer-Human Interaction for Management of Information Technology 2009, (CHIMIT 09) : Baltimore, Maryland, USA, 7 - 8 November 2009 / [by the Association for Computing Machinery, ACM. Conference chairs: Eben Haber (...). - Red Hook, NY : Curran, 2010. - pp. 19-28. - ISBN 978-1-617-38128-7
dc.identifier.doi: 10.1145/1641587.1641590
dc.identifier.ppn: 354359053
dc.identifier.uri: http://kops.uni-konstanz.de/handle/123456789/14805
dc.language.iso: eng
dc.legacy.dateIssued: 2011-12-07
dc.rights: terms-of-use
dc.rights.uri: https://rightsstatements.org/page/InC/1.0/
dc.subject.ddc: 004
dc.title: Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations
dc.type: INPROCEEDINGS
dspace.entity.type: Publication
kops.citation.bibtex:
@inproceedings{Mansmann2009Visua-14805,
  year={2009},
  doi={10.1145/1641587.1641590},
  title={Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations},
  isbn={978-1-60558-572-7},
  publisher={ACM Press},
  address={New York, New York, USA},
  booktitle={Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09},
  pages={19--28},
  author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and North, Stephen C.}
}
kops.citation.iso690: MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephen C. NORTH, 2009. Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations. the Symposium. Baltimore, Maryland, 7 Nov 2009 - 8 Nov 2009. In: Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590
kops.citation.rdf:
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/14805">
    <dcterms:issued>2009</dcterms:issued>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dc:language>eng</dc:language>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:title>Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations</dcterms:title>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dcterms:available>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:creator>North, Stephen C.</dc:creator>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:abstract xml:lang="eng">Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information, and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs, that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.</dcterms:abstract>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dc:date>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:contributor>North, Stephen C.</dc:contributor>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:bibliographicCitation>First publ. in: ACM Symposium on Computer-Human Interaction for Management of Information Technology 2009, (CHIMIT 09) : Baltimore, Maryland, USA, 7 - 8 November 2009 / [by the Association for Computing Machinery, ACM. Conference chairs: Eben Haber (...). - Red Hook, NY : Curran, 2010. - pp. 19-28. - ISBN 978-1-617-38128-7</dcterms:bibliographicCitation>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/14805"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
  </rdf:Description>
</rdf:RDF>
kops.conferencefield: the Symposium, 7 Nov 2009 - 8 Nov 2009, Baltimore, Maryland
kops.date.conferenceEnd: 2009-11-08
kops.date.conferenceStart: 2009-11-07
kops.description.openAccess: openaccessgreen
kops.flag.knbibliography: true
kops.identifier.nbn: urn:nbn:de:bsz:352-148050
kops.location.conference: Baltimore, Maryland
kops.sourcefield: Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590
kops.sourcefield.plain: Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590
kops.submitter.email: fabian.fischer@uni-konstanz.de
kops.title.conference: the Symposium
relation.isAuthorOfPublication: 90244953-4003-4a15-ae6e-0b9d164ea2a3
relation.isAuthorOfPublication: 7a775974-2508-4a1c-b786-d48032df7443
relation.isAuthorOfPublication: da7dafb0-6003-4fd4-803c-11e1e72d621a
relation.isAuthorOfPublication.latestForDiscovery: 90244953-4003-4a15-ae6e-0b9d164ea2a3
source.bibliographicInfo.fromPage: 19
source.bibliographicInfo.toPage: 28
source.identifier.isbn: 978-1-60558-572-7
source.publisher: ACM Press
source.publisher.location: New York, New York, USA
source.title: Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09

Files

Original bundle

Name: mansmann_visual_support.pdf
Size: 4.01 MB
Format: Adobe Portable Document Format
Downloads: 1015

License bundle

Name: license.txt
Size: 1.92 KB
Format: Plain Text
Downloads: 0