Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations

Lade...
Vorschaubild
Dateien
mansmann_visual_support.pdf
mansmann_visual_support.pdfGröße: 4.01 MBDownloads: 831
Datum
2009
Herausgeber:innen
Kontakt
ISSN der Zeitschrift
Electronic ISSN
ISBN
Bibliografische Daten
Verlag
Schriftenreihe
Auflagebezeichnung
ArXiv-ID
Internationale Patentnummer
Angaben zur Forschungsförderung
Projekt
Open Access-Veröffentlichung
Open Access Green
Core Facility der Universität Konstanz
Gesperrt bis
Titel in einer weiteren Sprache
Publikationstyp
Beitrag zu einem Konferenzband
Publikationsstatus
Published
Erschienen in
Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590
Zusammenfassung

Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information, and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs, that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.

Zusammenfassung in einer weiteren Sprache
Fachgebiet (DDC)
004 Informatik
Schlagwörter
Konferenz
the Symposium, 7. Nov. 2009 - 8. Nov. 2009, Baltimore, Maryland
Rezension
undefined / . - undefined, undefined
Forschungsvorhaben
Organisationseinheiten
Zeitschriftenheft
Datensätze
Zitieren
ISO 690MANSMANN, Florian, Fabian FISCHER, Daniel A. KEIM, Stephen C. NORTH, 2009. Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations. the Symposium. Baltimore, Maryland, 7. Nov. 2009 - 8. Nov. 2009. In: Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09. New York, New York, USA: ACM Press, 2009, pp. 19-28. ISBN 978-1-60558-572-7. Available under: doi: 10.1145/1641587.1641590
BibTex
@inproceedings{Mansmann2009Visua-14805,
  year={2009},
  doi={10.1145/1641587.1641590},
  title={Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations},
  isbn={978-1-60558-572-7},
  publisher={ACM Press},
  address={New York, New York, USA},
  booktitle={Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology - CHiMiT '09},
  pages={19--28},
  author={Mansmann, Florian and Fischer, Fabian and Keim, Daniel A. and North, Stephen C.}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/14805">
    <dcterms:issued>2009</dcterms:issued>
    <dc:creator>Mansmann, Florian</dc:creator>
    <dc:language>eng</dc:language>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:title>Visual support for analyzing network traffic and intrusion detection events using TreeMap and Graph representations</dcterms:title>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dcterms:available>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dc:creator>North, Stephen C.</dc:creator>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dcterms:abstract xml:lang="eng">Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information, and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system to support analysis of IDS logs, that visually pivots large sets of Net-Flows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked through hierarchical edge bundles with the external hosts, and a graph representation using a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.</dcterms:abstract>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-12-07T08:12:30Z</dc:date>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:contributor>North, Stephen C.</dc:contributor>
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dcterms:bibliographicCitation>First publ. in: ACM Symposium on Computer-Human Interaction for Management of Information Technology 2009, (CHIMIT 09) : Baltimore, Maryland, USA, 7 - 8 November 2009 / [by the Association for Computing Machinery, ACM. Conference chairs: Eben Haber (...). - Red Hook, NY : Curran, 2010. - pp. 19-28. - ISBN 978-1-617-38128-7</dcterms:bibliographicCitation>
    <dc:contributor>Fischer, Fabian</dc:contributor>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dc:creator>Fischer, Fabian</dc:creator>
    <dc:contributor>Mansmann, Florian</dc:contributor>
    <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/14805"/>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/14805/1/mansmann_visual_support.pdf"/>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
  </rdf:Description>
</rdf:RDF>
Interner Vermerk
xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter
Kontakt
URL der Originalveröffentl.
Prüfdatum der URL
Prüfungsdatum der Dissertation
Finanzierungsart
Kommentar zur Publikation
Allianzlizenz
Corresponding Authors der Uni Konstanz vorhanden
Internationale Co-Autor:innen
Universitätsbibliographie
Ja
Begutachtet
Diese Publikation teilen