Title :
VisFlowConnect: providing security situational awareness by visualizing network traffic flows
Author :
Yin, Xiaoxin ; Yurcik, William ; Li, Yifan ; Lakkaraju, Kiran ; Abad, Cristina
Author_Institution :
Nat. Center for Supercomput. Applications, Illinois Univ., Urbana, IL, USA
Abstract :
We present the design and implementation of VisFlowConnect, a powerful new tool for visualizing network traffic flow dynamics for situational awareness. The visualization capability provided by VisFlowConnect allows an operator to assess the state of a large and complex network given an overall view of the entire network and filter/drill-down features with a friendly user interface that allows users to request more detailed information of interest such as specific protocol traffic flows. The value of VisFlowConnect specifically for security situational awareness is that any security event, with only a few minor exceptions, is reflected as a traffic flow. Thus in using VisFlowConnect, a user can "see" all security events. We show several experiments in which abnormal behaviors with security implications have been discovered and analyzed using VisFlowConnect. These experiments demonstrate how VisFlowConnect can be a uniquely effective tool to assist security administrators in securing their computer networks.
Keywords :
Internet; data visualisation; graphical user interfaces; protocols; telecommunication security; telecommunication traffic; VisFlowConnect; computer networks; filter-drill-down features; network traffic flows; security situational awareness; user interface; visualization capability; Complex networks; Computer networks; Computer security; Information filtering; Information filters; Information security; Protocols; Telecommunication traffic; User interfaces; Visualization;
Conference_Title :
Performance, Computing, and Communications, 2004 IEEE International Conference on
Print_ISBN :
0-7803-8396-6
DOI :
10.1109/PCCC.2004.1395108