P3D: A parallel 3D coordinate visualization for advanced network scans

As network attacks increase in complexity, network administrators will continue to struggle with analyzing security data immediately and efficiently. To alleviate these challenges, researchers are looking into various visualization techniques (e.g., two-dimensional (2D) and three-dimensional (3D)) to detect, identify, and analyze malicious attacks. This paper discusses the benefits of using a stereoscopic 3D parallel visualization techniques for network scanning, in particular, when addressing occlusion-based visualization attacks intended to confuse network administrators. To our knowledge, no 2D or 3D tool exists that analyzes these attacks. Hence, we propose a novel 3D Parallel coordinate visualization tool for advanced network scans and attacks called P3D. P3D uses flow data, filtering techniques, and state-of-the art 3D technologies to help network administrators detect distributed and coordinated network scans. Compared to other 2D and 3D network security visualization tools, P3D prevents occlusion-based visualization attacks (e.g., Windshield Wiper and Port Source Confusion attacks). We validate our tool with use-cases from emulated distributed scanning attacks. Our evaluation shows P3D allows users to extract new information about scans and minimize information overload by adding an extra dimension and awareness region in the visualization.