A Novel Visualization Approach for Efficient Network-wide Traffic Monitoring

Network traffic visualization provides very effective means for monitoring anomalous activities as well as detecting large scale network attacks. This work proposes a novel and flexible technique for representing traffic activities that reside in network flows and their patterns. The technique utilizes a set of different space-filling curves (SFC) to map the collected statistics to images that emphasize traffic patterns. Our approach to use the enhanced locality of SFC clustering property makes anomalies such as large scale DDoS attacks and scanning activities easily identifiable, compared to other traditional techniques. Also, widely dispersed communication patterns are rendered easier to understand using our proposed traffic-to-image mappings. This new representation preserves traffic properties leading to more accurate and robust anomaly detection even if aggressive compression is performed on the resulting images. In addition, using our proposed technique, the relation between multiple packet fields can be easily obtained to analyze correlated attacks.