NetFlow data is routinely captured at the border of many enterprise networks. Although not as rich as full packet-capture data, NetFlow provides a compact record of the interactions between host pairs on either side of the monitored border. The volume of this data makes its analysis a challenge for the security analyst. We report preliminary results on the development of a suite of visualization tools intended to complement the command-line tools, such as those from the SiLK Tools, that analysts currently use to perform forensic analysis of NetFlow data. The current version of the tool set draws on three visual paradigms: activity diagrams that display various aspects of multiple individual host behaviors as color-coded time series, connection bundles that show the interactions among hosts and groups of hosts, and the NetBytes viewer that allows detailed examination of the port and volume behaviors of an individual host over a period of time. The system supports drill-down for additional detail and pivoting that allows the analyst to examine the relationships among the displays. SiLK data is preprocessed into a relational database to drive the display modes, and the tools can interact with the SiLK system to extract additional data as necessary.
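As an added illustration (not the paper's code), the preprocessing step the abstract describes: SiLK-style flow records are loaded into a relational table and reduced to the per-host, per-port byte volume over time that a NetBytes-style view would plot. The column names follow rwcut-style output and the flow records are constructed for the example.

```python
"""Added example: SiLK-style flows -> relational table -> NetBytes-style series.
Not the paper's code; column names mimic rwcut output and records are constructed."""
import sqlite3

# Constructed sample flows in rwcut-like order: sIP, dIP, sPort, dPort, bytes, sTime
FLOWS = [
    ("10.0.0.5", "203.0.113.9", 51234, 443, 4200, "2010-05-03 10:02:11"),
    ("10.0.0.5", "203.0.113.9", 51235, 443, 1800, "2010-05-03 10:41:50"),
    ("10.0.0.5", "198.51.100.7", 51236, 22, 900, "2010-05-03 11:05:02"),
    ("10.0.0.8", "203.0.113.9", 40001, 443, 300, "2010-05-03 10:15:00"),
    ("10.0.0.5", "203.0.113.9", 51237, 443, 2500, "2010-05-03 11:30:00"),
]


def load_flows(flows):
    """Preprocessing step: create an in-memory flow table and insert the records."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE flow (sip TEXT, dip TEXT, sport INTEGER, "
        "dport INTEGER, bytes INTEGER, stime TEXT)"
    )
    conn.executemany("INSERT INTO flow VALUES (?,?,?,?,?,?)", flows)
    conn.commit()
    return conn


def netbytes_series(host, flows=FLOWS):
    """Byte volume per hour bucket and destination port for one source host.

    Returns {(hour, dport): bytes}, i.e. the data behind a NetBytes-style
    port/volume-over-time display. The hour bucket is the first 13 characters
    of the 'YYYY-MM-DD HH:MM:SS' timestamp.
    """
    conn = load_flows(flows)
    rows = conn.execute(
        "SELECT substr(stime, 1, 13) AS hour, dport, SUM(bytes) "
        "FROM flow WHERE sip = ? GROUP BY hour, dport ORDER BY hour, dport",
        (host,),
    ).fetchall()
    conn.close()
    return {(hour, dport): total for hour, dport, total in rows}


if __name__ == "__main__":
    for (hour, port), total in netbytes_series("10.0.0.5").items():
        print(f"{hour}:00 port {port}: {total} bytes")
```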