• DocumentCode
    2592295
  • Title

    Visualizing Network Activity Using Parallel Coordinates

  • Author

    Tricaud, Sebastien ; Nance, Kara ; Saadé, Philippe

  • fYear
    2011
  • fDate
    4-7 Jan. 2011
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    Detecting and analyzing the complex problems introduced by today's cybercriminals are challenging undertakings. System pirates are organized and exploit available machines worldwide to conduct their attacks. The attack patterns are complex, multi-variate, and, in the case of botnets, can generate a significant amount of traffic that is difficult to interpret. In order to understand these complex event structures and ascertain their possible correlations in multiple dimensions, a visualization method called parallel coordinates can be used. This paper introduces the basic theory behind parallel coordinates, and demonstrates the visualization of real-world examples of attacks observed through a month of Snort logs on a production server. The parallel coordinates-based visualization is accomplished using an open source visual intrusion detection system called Picviz, which can aid in the analysis of potentially malicious network traffic.
  • Keywords
    computational geometry; computer crime; data visualisation; public domain software; telecommunication traffic; Picviz; attack pattern; cybercriminal botnet; network activity visualization; open source visual intrusion detection system; parallel coordinate; potentially malicious network traffic; production server; snort log; system pirate; Data visualization; Graphical user interfaces; IP networks; Intrusion detection; Monitoring; Software; Visualization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences (HICSS), 2011 44th Hawaii International Conference on
  • Conference_Location
    Kauai, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-1-4244-9618-1
  • Type

    conf

  • DOI
    10.1109/HICSS.2011.488
  • Filename
    5718652