  • DocumentCode
    2408674
  • Title
    Preserving the big picture: visual network traffic analysis with TNV
  • Author
    Goodall, John R. ; Lutters, Wayne G. ; Rheingans, Penny ; Komlodi, Anita
  • Author_Institution
    Maryland Univ., Baltimore County, USA
  • fYear
    2005
  • fDate
    26 Oct. 2005
  • Firstpage
    47
  • Lastpage
    54
  • Abstract
    When performing packet-level analysis in intrusion detection, analysts often lose sight of the big picture while examining these low-level details. In order to prevent this loss of context and augment the available tools for intrusion detection analysis tasks, we developed an information visualization tool, the time-based network traffic visualizer (TNV). TNV is grounded in an understanding of the work practices of intrusion detection analysts, particularly foregrounding the overarching importance of context and time in the process of intrusion detection analysis. The main visual component of TNV is a matrix showing network activity of hosts over time, with connections between hosts superimposed on the matrix, complemented by multiple, linked views showing port activity and the details of the raw packets. Providing low-level textual data in the context of a high-level, aggregated graphical display enables analysts to examine packet-level details within the larger context of activity. This combination has the potential to facilitate the intrusion detection analysis tasks and help novice analysts learn what constitutes normal on a particular network.
  • Keywords
    data visualisation; security of data; telecommunication security; telecommunication traffic; information visualization; intrusion detection analysis; packet-level analysis; time-based network traffic visualizer; visual network traffic analysis; Computer displays; Computer interfaces; Computer networks; Data analysis; Data security; Data visualization; Information analysis; Intrusion detection; Performance analysis; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on
  • Print_ISBN
    0-7803-9477-1
  • Type
    conf
  • DOI
    10.1109/VIZSEC.2005.1532065
  • Filename
    1532065