  • DocumentCode
    2583827
  • Title
    VisFlowConnect: providing security situational awareness by visualizing network traffic flows
  • Author
    Yin, Xiaoxin ; Yurcik, William ; Li, Yifan ; Lakkaraju, Kiran ; Abad, Cristina
  • Author_Institution
    Nat. Center for Supercomput. Applications, Illinois Univ., Urbana, IL, USA
  • fYear
    2004
  • fDate
    2004
  • Firstpage
    601
  • Lastpage
    607
  • Abstract
    We present the design and implementation of VisFlowConnect, a powerful new tool for visualizing network traffic flow dynamics for situational awareness. The visualization capability provided by VisFlowConnect allows an operator to assess the state of a large and complex network given an overall view of the entire network and filter/drill-down features with a friendly user interface that allows users to request more detailed information of interest such as specific protocol traffic flows. The value of VisFlowConnect specifically for security situational awareness is that any security event, with only a few minor exceptions, is reflected as a traffic flow. Thus in using VisFlowConnect, a user can "see" all security events. We show several experiments in which abnormal behaviors with security implications have been discovered and analyzed using VisFlowConnect. These experiments demonstrate how VisFlowConnect can be a uniquely effective tool to assist security administrators in securing their computer networks.
  • Keywords
    Internet; data visualisation; graphical user interfaces; protocols; telecommunication security; telecommunication traffic; VisFlowConnect; computer networks; filter-drill-down features; network traffic flows; security situational awareness; user interface; visualization capability; Complex networks; Computer networks; Computer security; Information filtering; Information filters; Information security; Protocols; Telecommunication traffic; User interfaces; Visualization;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Performance, Computing, and Communications, 2004 IEEE International Conference on
  • Print_ISBN
    0-7803-8396-6
  • Type
    conf
  • DOI
    10.1109/PCCC.2004.1395108
  • Filename
    1395108