Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations
Dateien
Datum
Autor:innen
Herausgeber:innen
ISSN der Zeitschrift
Electronic ISSN
ISBN
Bibliografische Daten
Verlag
Schriftenreihe
Auflagebezeichnung
URI (zitierfähiger Link)
DOI (zitierfähiger Link)
Internationale Patentnummer
Link zur Lizenz
Angaben zur Forschungsförderung
Projekt
Open Access-Veröffentlichung
Sammlungen
Core Facility der Universität Konstanz
Titel in einer weiteren Sprache
Publikationstyp
Publikationsstatus
Erschienen in
Zusammenfassung
Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information, and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs, that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.
Zusammenfassung in einer weiteren Sprache
Fachgebiet (DDC)
Schlagwörter
Konferenz
Rezension
Zitieren
ISO 690
MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephen C. NORTH, 2009. Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations. the Symposium. Baltimore, Maryland, 7. Nov. 2009 - 8. Nov. 2009. In: Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590BibTex
@inproceedings{Mansmann2009Visua-14805, year={2009}, doi={10.1145/1641587.1641590}, title={Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations}, isbn={978-1-60558-572-7}, publisher={ACM Press}, address={New York, New York, USA}, booktitle={Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09}, pages={19--28}, author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and North, Stephen C.} }
RDF
<rdf:RDF xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:bibo="http://purl.org/ontology/bibo/" xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:void="http://rdfs.org/ns/void#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/14805"> <dcterms:issued>2009</dcterms:issued> <dc:creator>Mansmann, Florian</dc:creator> <dc:language>eng</dc:language> <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/> <dc:rights>terms-of-use</dc:rights> <dcterms:title>Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations</dcterms:title> <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dcterms:available> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dc:creator>North, Stephen C.</dc:creator> <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/> <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dcterms:abstract xml:lang="eng">Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information, and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs, that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.</dcterms:abstract> <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dc:date> <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dc:contributor>North, Stephen C.</dc:contributor> <foaf:homepage rdf:resource="http://localhost:8080/"/> <dcterms:bibliographicCitation>First publ. in: ACM Symposium on Computer-Human Interaction for Management of Information Technology 2009, (CHIMIT 09) : Baltimore, Maryland, USA, 7 - 8 November 2009 / [by the Association for Computing Machinery, ACM. Conference chairs: Eben Haber (...). - Red Hook, NY : Curran, 2010. - pp. 19-28. - ISBN 978-1-617-38128-7</dcterms:bibliographicCitation> <dc:contributor>Fischer, Fabian</dc:contributor> <dc:creator>Keim, Daniel A.</dc:creator> <dc:creator>Fischer, Fabian</dc:creator> <dc:contributor>Mansmann, Florian</dc:contributor> <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/14805"/> <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/> <dc:contributor>Keim, Daniel A.</dc:contributor> </rdf:Description> </rdf:RDF>