Visualization of Host Behavior for Network Security
Visualization of Host Behavior for Network Security
Date
2008
Authors
Editors
Journal ISSN
Electronic ISSN
ISBN
Bibliographical data
Publisher
Series
URI (citable link)
DOI (citable link)
International patent number
Link to the license
EU project number
Project
Open Access publication
Collections
Title in another language
Publication type
Contribution to a conference collection
Publication status
Published in
VizSEC 2007 / Goodall, John R.; Conti, Gregory; Ma, Kwan-Liu (ed.). - Berlin, Heidelberg : Springer Berlin Heidelberg, 2008. - (Mathematics and Visualization). - pp. 187-202. - ISBN 978-3-540-78242-1
Abstract
Monitoring host behavior in a network is one of the most essential tasks in the fields of network monitoring and security since more and more malicious code in the wild internet constantly threatens the network infrastructure. In this paper, we present a visual analytics tool that visualizes network host behavior through positional changes in a two dimensional space using a force-directed graph layout algorithm. The tool s interaction capabilities allow for visual exploration of network traffic over time and are demonstrated using netflow data as well as IDS alerts. Automatic accentuation of hosts with highly variable traffic results in fast hypothesis generation and confirmation of suspicious host behavior. By triggering the behavior graph from the HNMap tool, we were able to monitor more abstract network entities.
Summary in another language
Subject (DDC)
004 Computer Science
Keywords
Conference
Review
undefined / . - undefined, undefined. - (undefined; undefined)
Cite This
ISO 690
MANSMANN, Florian, Lorenz MEIER, Daniel A. KEIM, 2008. Visualization of Host Behavior for Network Security. In: GOODALL, John R., ed., Gregory CONTI, ed., Kwan-Liu MA, ed.. VizSEC 2007. Berlin, Heidelberg:Springer Berlin Heidelberg, pp. 187-202. ISBN 978-3-540-78242-1. Available under: doi: 10.1007/978-3-540-78243-8_13BibTex
@inproceedings{Mansmann2008Visua-5632, year={2008}, doi={10.1007/978-3-540-78243-8_13}, title={Visualization of Host Behavior for Network Security}, isbn={978-3-540-78242-1}, publisher={Springer Berlin Heidelberg}, address={Berlin, Heidelberg}, series={Mathematics and Visualization}, booktitle={VizSEC 2007}, pages={187--202}, editor={Goodall, John R. and Conti, Gregory and Ma, Kwan-Liu}, author={Mansmann, Florian and Meier, Lorenz and Keim, Daniel A.} }
RDF
<rdf:RDF xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:bibo="http://purl.org/ontology/bibo/" xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:void="http://rdfs.org/ns/void#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/5632"> <dcterms:issued>2008</dcterms:issued> <dc:language>eng</dc:language> <dc:creator>Meier, Lorenz</dc:creator> <dcterms:title>Visualization of Host Behavior for Network Security</dcterms:title> <dcterms:rights rdf:resource="http://creativecommons.org/licenses/by-nc-nd/2.0/"/> <dc:rights>Attribution-NonCommercial-NoDerivs 2.0 Generic</dc:rights> <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:57:20Z</dc:date> <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dc:format>application/pdf</dc:format> <dc:contributor>Meier, Lorenz</dc:contributor> <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2011-03-24T15:57:20Z</dcterms:available> <dc:contributor>Keim, Daniel A.</dc:contributor> <dcterms:abstract xml:lang="eng">Monitoring host behavior in a network is one of the most essential tasks in the fields of network monitoring and security since more and more malicious code in the wild internet constantly threatens the network infrastructure. In this paper, we present a visual analytics tool that visualizes network host behavior through positional changes in a two dimensional space using a force-directed graph layout algorithm. The tool s interaction capabilities allow for visual exploration of network traffic over time and are demonstrated using netflow data as well as IDS alerts. Automatic accentuation of hosts with highly variable traffic results in fast hypothesis generation and confirmation of suspicious host behavior. By triggering the behavior graph from the HNMap tool, we were able to monitor more abstract network entities.</dcterms:abstract> <foaf:homepage rdf:resource="http://localhost:8080/"/> <dcterms:bibliographicCitation>First publ. in: VizSEC 2007: proceedings of the Workshop on Visualization for Computer Security / John R. Goodall... (eds.). Berlin : Springer, 2008, pp. 187-202</dcterms:bibliographicCitation> <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5632/1/Visualization_of_Host_Behavior_for_Network_Security.pdf"/> <dc:creator>Mansmann, Florian</dc:creator> <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/5632/1/Visualization_of_Host_Behavior_for_Network_Security.pdf"/> <bibo:uri rdf:resource="http://kops.uni-konstanz.de/handle/123456789/5632"/> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dc:creator>Keim, Daniel A.</dc:creator> <dc:contributor>Mansmann, Florian</dc:contributor> </rdf:Description> </rdf:RDF>
Internal note
xmlui.Submission.submit.DescribeStep.inputForms.label.kops_note_fromSubmitter
Examination date of dissertation
Method of financing
Comment on publication
Alliance license
Corresponding Authors der Uni Konstanz vorhanden
International Co-Authors
Bibliography of Konstanz
Yes