Network security depends heavily on automated Intrusion Detection Systems (IDS) to sense malicious activity. Unfortunately, IDS often deliver both too much raw information and an incomplete local picture, impeding accurate assessment of emerging threats. We propose a system that supports the analysis of IDS logs by visually pivoting large sets of NetFlows. In particular, two visual representations of the flow data are compared: a TreeMap visualization of local network hosts, which are linked to the external hosts through hierarchical edge bundles, and a graph representation that uses a force-directed layout to visualize the structure of the host communication patterns. Three case studies demonstrate the capabilities of our tool to 1) analyze service usage in a managed network, 2) detect a distributed attack, and 3) investigate hosts in our network that communicate with suspect external IPs.