3D Graph Visualisation of Web Normal and Malicious Traffic

Once a Web site has been made operational by a company, organisation or individual there is a wish to know the details regarding the connections to the site. In addition, there is a great interest to monitor the activity profile of the Web site in terms of how many hits are received, where they come from, the relationship between this activity and increased revenues of the business and so on. Due to the complexity and volume of data involved in these tasks the only way to manage all of the information is to present it using a visual paradigm. Furthermore, Web sites are likely to be regularly scanned and attacked by both automated and manual means. Companies, organisations and individuals are making every effort to build and maintain secure Web sites. In this paper we will present an ongoing surveillance prototype system which offers a visual aid to the Web analyst by monitoring and exploring 3D graphs. The system offers a visual surveillance of the Web traffic for both normal and malicious activity. Web requests are presented as 3D directed graphs. Colours are used on the 3D graphics to indicate malicious attempts or anomalous traffic and the analyst has the ability to perform visual data analysis by navigating online into the Web request payload, of either normal or malicious traffic