Title :
Visualizing Network Activity Using Parallel Coordinates
Author :
Tricaud, Sebastien ; Nance, Kara ; Saadé, Philippe
Abstract :
Detecting and analyzing the complex problems introduced by today's cybercriminals are challenging undertakings. Attackers are organized and exploit available machines worldwide to conduct their attacks. The attack patterns are complex and multi-variate and, in the case of botnets, can generate a significant amount of traffic that is difficult to interpret. In order to understand these complex event structures and ascertain their possible correlations across multiple dimensions, a visualization method called parallel coordinates can be used. This paper introduces the basic theory behind parallel coordinates and demonstrates the visualization of real-world attacks observed in a month of Snort logs from a production server. The parallel-coordinates visualization is produced with an open source visual intrusion detection system called Picviz, which can aid in the analysis of potentially malicious network traffic.
Keywords :
computational geometry; computer crime; data visualisation; public domain software; telecommunication traffic; Picviz; attack pattern; cybercriminal botnet; network activity visualization; open source visual intrusion detection system; parallel coordinates; potentially malicious network traffic; production server; Snort log; system pirate; data visualization; graphical user interfaces; IP networks; intrusion detection; monitoring; software; visualization
Conference_Title :
System Sciences (HICSS), 2011 44th Hawaii International Conference on
Conference_Location :
Kauai, HI
Print_ISBN :
978-1-4244-9618-1
DOI :
10.1109/HICSS.2011.488
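The abstract describes the core construction: each Snort alert is a multi-variate event, and a parallel-coordinates plot draws it as a polyline across one vertical axis per field, so events that share a value (the same destination port, the same source host) meet at one point on that axis and form the bundles an analyst looks for. The following is an added example, not code from the paper and not Picviz: it parses Snort's one-line "fast" alert format, computes the polyline layout, lists the values on which lines converge, and writes a minimal SVG of the plot. The sample alert lines are constructed (documentation-range addresses, local-range SIDs), and the field set, axis order and IPv4-to-integer scaling are choices of this example rather than of the paper.

```python
"""Parallel-coordinates layout of Snort "fast" alert lines.

Added example: not code from the paper and not Picviz. Each parsed alert
becomes a polyline across parallel axes (one axis per field); alerts that
share a value on a field meet at the same point on that axis.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample alerts in Snort "fast" alert format. SIDs are in the
# local-rule range (>= 1000000) and addresses are documentation ranges;
# nothing here is a real rule or a real host.
SAMPLE_ALERTS = """\
01/15-13:42:10.123456  [**] [1:1000001:1] LOCAL SSH probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:54321 -> 198.51.100.5:22
01/15-13:42:11.000001  [**] [1:1000001:1] LOCAL SSH probe [**] [Priority: 2] {TCP} 192.0.2.11:54322 -> 198.51.100.5:22
01/15-13:42:12.500000  [**] [1:1000002:1] LOCAL HTTP probe [**] [Priority: 3] {TCP} 192.0.2.10:54323 -> 198.51.100.5:80
01/15-13:43:00.000000  [**] [1:1000003:1] LOCAL DNS oddity [**] [Priority: 3] {UDP} 203.0.113.7:5353 -> 198.51.100.5:53
01/15-13:44:30.250000  [**] [1:1000001:1] LOCAL SSH probe [**] [Priority: 1] {TCP} 192.0.2.12:54324 -> 198.51.100.5:22
"""

# Snort fast format: timestamp [**] [gid:sid:rev] msg [**] [Classification: ..]
# [Priority: n] {proto} src[:port] -> dst[:port]. Ports are absent for ICMP.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)

# Axis order of the plot (an assumption of this example); each is a record key.
AXES = ("time", "src", "sport", "dst", "dport", "sid", "prio")


def parse_alert(line):
    """Parse one fast-format alert into a flat record, or None if it does not match."""
    m = FAST_RE.match(line)
    if not m:
        return None
    # The fast format carries no year; the strptime default (1900) only serves
    # to turn the timestamp into seconds relative to the start of that year.
    ts = datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f")
    return {
        "time": (ts - datetime(1900, 1, 1)).total_seconds(),
        "src": m["src"], "sport": int(m["sport"] or 0),
        "dst": m["dst"], "dport": int(m["dport"] or 0),
        "sid": int(m["sid"]), "prio": int(m["prio"]),
        "proto": m["proto"], "msg": m["msg"],
    }


def parse_log(text):
    """Parse every matching line of a fast-format alert log, skipping the rest."""
    return [r for r in (parse_alert(ln) for ln in text.splitlines()) if r]


def _numeric(value):
    """Axis value as a number; IPv4 strings become their 32-bit integer so
    neighbouring hosts land next to each other on the axis."""
    if isinstance(value, str):
        return int(ipaddress.ip_address(value))
    return float(value)


def layout(records, axes=AXES):
    """One polyline per record: vertical positions in [0, 1], one per axis,
    min-max scaled over the data set (0.5 when an axis is constant)."""
    columns = {a: [_numeric(r[a]) for r in records] for a in axes}
    spans = {a: (min(v), max(v)) for a, v in columns.items()}
    lines = []
    for i in range(len(records)):
        pts = []
        for a in axes:
            lo, hi = spans[a]
            pts.append(0.5 if hi == lo else (columns[a][i] - lo) / (hi - lo))
        lines.append(pts)
    return lines


def convergences(records, field, min_count=3):
    """Values of `field` shared by at least `min_count` alerts, i.e. the points
    on that axis where many lines meet (many sources -> one port, and so on)."""
    return {v: c for v, c in Counter(r[field] for r in records).items() if c >= min_count}


def to_svg(lines, axes=AXES, width=720, height=320, pad=30):
    """Render the polylines as a minimal SVG parallel-coordinates plot."""
    step = (width - 2 * pad) / (len(axes) - 1)
    out = [f'<svg xmlns="http://www.w3.org/2000/svg" width="{width}" height="{height}">']
    for k, a in enumerate(axes):
        x = pad + k * step
        out.append(f'<line x1="{x}" y1="{pad}" x2="{x}" y2="{height - pad}" stroke="#888"/>')
        out.append(f'<text x="{x}" y="{height - pad + 14}" font-size="10" text-anchor="middle">{a}</text>')
    for pts in lines:
        coords = " ".join(f"{pad + k * step:.1f},{height - pad - y * (height - 2 * pad):.1f}"
                          for k, y in enumerate(pts))
        out.append(f'<polyline points="{coords}" fill="none" stroke="#c33" stroke-opacity="0.6"/>')
    out.append("</svg>")
    return "\n".join(out)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_ALERTS)
    print("destination ports with >= 3 alerts:", convergences(recs, "dport"))
    with open("alerts.svg", "w") as fh:
        fh.write(to_svg(layout(recs)))
```

Run against a real `alert` file by replacing `SAMPLE_ALERTS` with its contents; the interesting signal is the axes on which many polylines converge (here three probes on dport 22 and all five on one destination host), which is the visual signature of a scan or of botnet fan-in that the paper exploits. Min-max scaling is a choice of this example: on a month of alerts a single outlier on an axis compresses everything else, so a log or rank scale per axis is worth adding for production use.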