Title : 
Visualizing network data for intrusion detection
            Author : 
Abdullah, Kulsoom ; Lee, Chris ; Conti, Gregory ; Copeland, John A.
            Author_Institution : 
Commun. Syst. Center, Georgia Inst. of Technol., WA, USA
            Abstract : 
As the trend of successful network attacks continues to rise, better forms of intrusion detection and prevention are needed. This paper addresses network traffic visualization techniques that aid an administrator in recognizing attacks in real time. Our approach improves upon current techniques that lack effectiveness due to an overemphasis on flows, nodes, or assumed familiarity with the attack tool, causing either late reaction or missed detection. A port-based overview of network activity produces an improved representation for detecting and responding to malicious activity. We have found that presenting an overview using stacked histograms of aggregate port activity, combined with the ability to drill down for finer details, allows small yet important details to be noticed and investigated without being obscured by large volumes of usual traffic. Due to the amount of traffic as well as the range of possible port numbers and IP addresses, scaling techniques are necessary to help provide this overview. We provide graphs with examples of forensic findings. Finally, we describe our future plans for using live traffic in addition to our forensic visualization techniques.
            Keywords : 
computer networks; data visualisation; graph theory; invasive software; IP address; aggregate port activity; forensic visualization; graph; histogram; intrusion detection; intrusion prevention; malicious activity; network activity; network attacks; network data visualization; network traffic visualization; port number; real time attack recognition; Bandwidth; Computer worms; Data visualization; Forensics; Histograms; Humans; Information security; Internet; Intrusion detection; Telecommunication traffic;
Conference_Title : 
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
            Print_ISBN : 
0-7803-9290-6
            DOI : 
10.1109/IAW.2005.1495940