Title :
IDGraphs: intrusion detection and analysis using stream compositing
Author :
Ren, Pin ; Gao, Yan ; Li, Zhichun ; Chen, Yan ; Watson, Benjamin
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Northwest Univ., Xi'an, China
Abstract :
IDGraphs is an interactive visualization system supporting intrusion detection over massive network traffic streams. It features a novel time-versus-failed-connections mapping that aids in discovery of attack patterns. The number of failed connections (SYN-SYN/ACK) is a strong indicator of suspicious network flows. IDGraphs offers several flow aggregation methods that help reveal different attack patterns. The system also offers high visual scalability through the use of Histographs. The IDGraphs intrusion detection system detects and analyzes a variety of attacks and anomalies, including port scanning, worm outbreaks, stealthy TCP SYN flooding, and some distributed attacks. In this article, we demonstrate IDGraphs using a single day of NetFlow network traffic traces collected at edge routers at Northwestern University, which has several OC-3 links.
Keywords :
data visualisation; interactive systems; security of data; IDGraphs; NetFlow network traffic; SYN-SYN/ACK; TCP SYN flooding; histographs; interactive visualization system; intrusion detection system; network traffic stream; Computer networks; Computer security; Computer worms; Electronics packaging; Information analysis; Information security; Intrusion detection; Monitoring; Telecommunication traffic; Visualization; Brushing and Linking; Correlation Matrix; Dynamic Query; Interactive System; Intrusion Detection; Security Visualization; Computer Communication Networks; Computer Graphics; Information Storage and Retrieval; Signal Processing, Computer-Assisted; Software; User-Computer Interface;
Journal_Title :
Computer Graphics and Applications, IEEE
DOI :
10.1109/MCG.2006.36