Title :
Improving Security Visualization with Exposure Map Filtering
Author :
Alsaleh, Mansour ; Barrera, David ; van Oorschot, Paul C.
Author_Institution :
Sch. of Comput. Sci., Carleton Univ., Ottawa, ON
Abstract :
Graphical analysis of network traffic flows helps security analysts detect patterns or behaviors that would not be obvious in a text-based environment. The growing volume of network data generated and captured makes it increasingly difficult to detect increasingly sophisticated reconnaissance and stealthy network attacks. We propose a network flow filtering mechanism that leverages the exposure maps technique of Whyte et al. (2007), reducing the traffic for the visualization process according to the network services being offered. This allows focus to be limited to selected subsets of the network traffic, for example what might be categorized (correctly or otherwise) as the unexpected or potentially malicious portion. In particular, we use this technique to filter out traffic from sources that have not gained knowledge from the network in question. We evaluate the benefits of our technique on different visualizations of network flows. Our analysis shows a significant decrease in the volume of network traffic that is to be visualized, resulting in visible patterns and insights not previously apparent.
Keywords :
data visualisation; pattern recognition; security of data; exposure map filtering; graphical analysis; network attacks; network flow filtering; network traffic flows; pattern detection; security visualization; text-based environment; Computer security; Data security; Data visualization; Filtering; Filters; Humans; Information security; Pattern analysis; Reconnaissance; Telecommunication traffic;
Conference_Titel :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.16
