DocumentCode
2408674
Title
Preserving the big picture: visual network traffic analysis with TNV
Author
Goodall, John R. ; Lutters, Wayne G. ; Rheingans, Penny ; Komlodi, Anita
Author_Institution
Maryland Univ. , Baltimore County, USA
fYear
2005
fDate
26 Oct. 2005
Firstpage
47
Lastpage
54
Abstract
When performing packet-level analysis in intrusion detection, analysts often lose sight of the big picture while examining these low-level details. In order to prevent this loss of context and augment the available tools for intrusion detection analysis tasks, we developed an information visualization tool, the time-based network traffic visualizer (TNV). TNV is grounded in an understanding of the work practices of intrusion detection analysts, particularly foregrounding the overarching importance of context and time in the process of intrusion detection analysis. The main visual component of TNV is a matrix showing network activity of hosts over time, with connections between hosts superimposed on the matrix, complemented by multiple, linked views showing port activity and the details of the raw packets. Providing low-level textual data in the context of a high-level, aggregated graphical display enables analysts to examine packet-level details within the larger context of activity. This combination has the potential to facilitate the intrusion detection analysis tasks and help novice analysts learn what constitutes normal on a particular network.
Keywords
data visualisation; security of data; telecommunication security; telecommunication traffic; information visualization; intrusion detection analysis; packet-level analysis; time-based network traffic visualizer; visual network traffic analysis; Computer displays; Computer interfaces; Computer networks; Data analysis; Data security; Data visualization; Information analysis; Intrusion detection; Performance analysis; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Visualization for Computer Security, 2005. (VizSEC 05). IEEE Workshop on
Print_ISBN
0-7803-9477-1
Type
conf
DOI
10.1109/VIZSEC.2005.1532065
Filename
1532065
Link To Document