• DocumentCode
    869114
  • Title

    IDGraphs: intrusion detection and analysis using stream compositing

  • Author

    Ren, Pin ; Gao, Yan ; Li, Zhichun ; Chen, Yan ; Watson, Benjamin

  • Author_Institution
    Dept. of Electr. Eng. & Comput. Sci., Northwest Univ., Xi'an, China
  • Volume
    26
  • Issue
    2
  • fYear
    2006
  • Firstpage
    28
  • Lastpage
    39
  • Abstract
    IDGraphs is an interactive visualization system, supporting intrusion detection over massive network traffic streams. It features a novel time-versus-failed-connections mapping that aids in discovery of attack patterns. The number of failed connections (SYN-SYN/ACK) is a strong indicator of suspicious network flows. IDGraphs offers several flow aggregation methods that help reveal different attack patterns. The system also offers high visual scalability through the use of Histographs. The IDGraphs intrusion detection system detects and analyzes a variety of attacks and anomalies, including port scanning, worm outbreaks, stealthy TCP SYN flooding, and some distributed attacks. In this article, we demonstrate IDGraphs using a single day of NetFlow network traffic traces collected at edge routers at Northwestern University which has several OC-3 links.
  • Keywords
    data visualisation; interactive systems; security of data; IDGraphs; NetFlow network traffic; SYN-SYN/ACK; TCP SYN flooding; histographs; interactive visualization system; intrusion detection system; network traffic stream; Computer networks; Computer security; Computer worms; Electronics packaging; Information analysis; Information security; Intrusion detection; Monitoring; Telecommunication traffic; Visualization; Brushing and Linking; Correlation Matrix; Dynamic Query; Interactive System; Intrusion Detection; Security Visualization; Computer Communication Networks; Computer Graphics; Information Storage and Retrieval; Signal Processing, Computer-Assisted; Software; User-Computer Interface;
  • fLanguage
    English
  • Journal_Title
    Computer Graphics and Applications, IEEE
  • Publisher
    ieee
  • ISSN
    0272-1716
  • Type

    jour

  • DOI
    10.1109/MCG.2006.36
  • Filename
    1607919