research-article

Visualizing host traffic through graphs

Author:

Eduard GlatzAuthors Info & Claims

VizSec '10: Proceedings of the Seventh International Symposium on Visualization for Cyber Security

Pages 58 - 63

https://doi.org/10.1145/1850795.1850802

Published: 14 September 2010 Publication History

Get Access

Abstract

Gaining an overview of host activities is hard when a host is busily exchanging hundreds or thousands of flows over a network. This makes investigating traffic of a suspicious host a tedious task for a security analyst. We propose a novel host traffic visualization technique that reduces this cognitive burden by i) representing traffic through an annotated k-partite graph reflecting familiar Berkeley socket model semantics, ii) employing a host role summarization for effective removal of ephemeral traffic features, and iii) providing classification and filtering techniques for unwanted traffic, which are important for identifying the functional role of port numbers and for visualization. We present the open-source tool HAPviewer and demonstrate how it can visualize a large number of flows through a compact and easily interpretable graph.

References

[1]

Barrera D, van Oorschot PC 2009. Security Visualization Tools and IPv6 Addresses. Workshop on Visualization for Cyber security, Atlantic City, NJ USA (VizSec 2009).

Google Scholar

[2]

Emden R. Gansner, Eleftherios Koutsofios, Stephen C. North, and Kiem-Phong Vo. A Technique for Drawing Directed Graphs. IEEE Trans. Sofware Eng., 19(3):214--230, May 1993.

Digital Library

Google Scholar

[3]

Fan, J, Xu, J, Ammar, MH, and Moon, SB. 2004. Prefix-preserving IP address anonymization: Measurement-based security evaluation and a new cryptography-based scheme. Computer Networks 46, 2 (7 Oct. 04), 253--272, Elsevier.

Digital Library

Google Scholar

[4]

Glanfield J, Brooks S, Taylor T et al. 2009. OverFlow: An Overview Visualization for Network Analysis. Workshop on Visualization for Cyber Security (VizSec 2009).

Google Scholar

[5]

Fink, G., Endert, A. 2009. Visualizing Cyber Security: Usable Workspaces. Workshop on Visualization for Cyber Security (VizSec 2009).

Google Scholar

[6]

Haag, P. 2005. Watch your Flows with NfSen and NfDump. 50th RIPE Meeting (3 May 05, Stockholm).

Google Scholar

[7]

Iliofotou, M, Pappu, P, Faloutsos, M, Mitzenmacher, M, Singh, S, and Varghese, G. 2007. Network monitoring using traffic dispersion graphs (tdgs). In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement. ACM New York, NY.

Digital Library

Google Scholar

[8]

Karagiannis, T, Papagiannaki, K, and Faloutsos, M. 2005. BLINC: multilevel traffic classification in the dark. ACM SIGCOMM Computer Communication Review. ACM Press New York, NY.

Digital Library

Google Scholar

[9]

Karagiannis, T, Papagiannaki, K, Taft, N, and Faloutsos, M. 2007. Profiling the End Host. Passive and Active Measurement Conference (PAM), Louvain-la-neuve, Belgium, April 2007. SPRINGER-VERLAG.

Digital Library

Google Scholar

[10]

Mansmann F, Fischer F, Keim DA, North SC 2009. Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations. New York, NY, USA: ACM.

Google Scholar

[11]

Yi, JS, Kang, Y, Stasko, JT, and Jacko, JA. 2008. Understanding and characterizing insights: how do people gain insights using information visualization? In Proceedings of the 2008 conference on BEyond time and errors: novel evaLuation methods for Information Visualization (Florence, Italy, 5 April 08). BELIV'08. ACM, New York, NY.

Digital Library

Google Scholar

[12]

Yin, X., Yurcik, W., Li, Y., Lakkaraju, K. and Abad, C. 2004. Visflowconnect: Providing security situational awareness by visualizing network traffic flows. Performance Computing and Communications, IEEE International Conference o, pages 601--607, 2004

Google Scholar

[13]

Xforce (IBM Internet Security Systems), Vulnerability ID 16244, Dabber worm detected. http://xforce.iss.net/xforce/xfdb/16244

Google Scholar

Cited By

View all

Lyu MHabibi Gharakheili HSivaraman V(2024)A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack DetectionIEEE Access10.1109/ACCESS.2024.341906812(89363-89383)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3419068
Kim UKang JLee JKim HJung S(2018)Practical firewall policy inspection using anomaly detection and its visualizationMultimedia Tools and Applications10.1007/s11042-013-1673-871:2(627-641)Online publication date: 31-Dec-2018
https://dl.acm.org/doi/10.1007/s11042-013-1673-8
Glatz EMavromatidis SAger BDimitropoulos X(2018)Visualizing big network traffic data using frequent pattern mining and hypergraphsComputing10.1007/s00607-013-0282-896:1(27-38)Online publication date: 31-Dec-2018
https://dl.acm.org/doi/10.1007/s00607-013-0282-8
Show More Cited By

Index Terms

Visualizing host traffic through graphs
1. Human-centered computing

Recommendations

Home-centric visualization of network traffic for security administration
VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security

Today's system administrators, burdened by rapidly increasing network activity, must quickly perceive the security state of their networks, but they often have only text-based tools to work with. These tools often provide no overview to help users grasp ...
Visualizing DNS traffic
VizSEC '06: Proceedings of the 3rd international workshop on Visualization for computer security

This paper proposes a visualization approach to address Domain Name System (DNS) security challenges, such as distributed denial of service (DDoS) and cache poisoning attacks.We present Flying Term, a new perceptually motivated visual metaphor for ...
Visualizing Air Traffic Flow Management Alert Information Using Squarified Treemaps
CGIV '09: Proceedings of the 2009 Sixth International Conference on Computer Graphics, Imaging and Visualization

The alert information play very important role in Air Traffic Flow Management (ATFM), and is often presented using simple graphics such as histogram or table. These familiar visualizations are effective for providing overview to some extent, but the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

VizSec '10: Proceedings of the Seventh International Symposium on Visualization for Cyber Security

September 2010

123 pages

ISBN:9781450300131

DOI:10.1145/1850795

General Chair:
John Gerth
Stanford University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 September 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

VizSec '10

VizSec '10: 7th International Symposium on Visualization for Cyber Security

September 14, 2010

Ontario, Ottawa, Canada

Acceptance Rates

VizSec '10 Paper Acceptance Rate 12 of 27 submissions, 44%;

Overall Acceptance Rate 39 of 111 submissions, 35%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
660
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)1

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lyu MHabibi Gharakheili HSivaraman V(2024)A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack DetectionIEEE Access10.1109/ACCESS.2024.341906812(89363-89383)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3419068
Kim UKang JLee JKim HJung S(2018)Practical firewall policy inspection using anomaly detection and its visualizationMultimedia Tools and Applications10.1007/s11042-013-1673-871:2(627-641)Online publication date: 31-Dec-2018
https://dl.acm.org/doi/10.1007/s11042-013-1673-8
Glatz EMavromatidis SAger BDimitropoulos X(2018)Visualizing big network traffic data using frequent pattern mining and hypergraphsComputing10.1007/s00607-013-0282-896:1(27-38)Online publication date: 31-Dec-2018
https://dl.acm.org/doi/10.1007/s00607-013-0282-8
Guimaraes VFreitas CSadre RTarouco LGranville L(2016)A Survey on Information Visualization for Network and Service ManagementIEEE Communications Surveys & Tutorials10.1109/COMST.2015.245053818:1(285-323)Online publication date: Sep-2017
https://doi.org/10.1109/COMST.2015.2450538
Wüchner TPretschner AOchoa MWhitley KEngle SHarrison LFischer FPrigent N(2014)DAVASTProceedings of the Eleventh Workshop on Visualization for Cyber Security10.1145/2671491.2671499(25-32)Online publication date: 10-Nov-2014
https://dl.acm.org/doi/10.1145/2671491.2671499
Kim UKang JLee JKim H(2011)Practical Firewall Policy Inspection Using Anomaly Detection and Its VisualizationProceedings of the International Conference on IT Convergence and Security 201110.1007/978-94-007-2911-7_61(629-639)Online publication date: 7-Dec-2011
https://doi.org/10.1007/978-94-007-2911-7_61

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Home-centric visualization of network traffic for security administration

Visualizing DNS traffic

Visualizing Air Traffic Flow Management Alert Information Using Squarified Treemaps